Current OIDC implementation requires provider to implement the /.well-known/openid-configuration endpoint

[tlawrie]

Issue
The current implementation expects the OIDC provider to implement the discovery endpoint, however this is optional in the spec and unfortunately some enterprises do not implement this, such as IBM.

Possible Solution
Add a method for New Manual Provider which returns an object based on additional detail passed to it

// NewManualProvider creates a provider with manually set configurations
func NewManualProvider(ctx context.Context, issuer, authURL, tokenURL, userInfoURL, jwksURL string) *Provider {
	return &Provider{
		issuer:       issuer,
		authURL:      authURL,
		tokenURL:     tokenURL,
		userInfoURL:  userInfoURL,
		remoteKeySet: newRemoteKeySet(ctx, jwksURL, time.Now),
	}
}

[ericchiang]

The intended workaround is using NewVerifier with NewRemoteKeySet. Does that work?

Creating a provider without discovery doesn't really make sense since oidc.Provider is just used to get to the claims or an IDTokenVerifier.

[tlawrie]

@ericchiang thank you for the suggestion. We shall try this approach.