Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sample configurations #71

Closed
drzraf opened this issue Mar 23, 2018 · 4 comments
Closed

sample configurations #71

drzraf opened this issue Mar 23, 2018 · 4 comments
Assignees
@timnolte
Labels
enhancement Issues & PRs related to new features.
Projects
4.x

Comments

@drzraf
Copy link
Contributor

drzraf commented Mar 23, 2018

It's supposed that Google is a supported openid provider.
It already provides a metadata URL which should ease configuration:
https://accounts.google.com/.well-known/openid-configuration
Anyway the "End Session Endpoint URL" is not clear. Is it actually what Google calls a "revocation_endpoint"?

Samples of configuration for common providers would be welcome or, better, make use of the metadata URL to automatically fill the fields.
@daggerhart
Copy link
Collaborator

Making use of the metadata URLs sounds awesome. I definitely want to look into that.

In this case, yes the End Session Endpoint URL is meant to be that URL where the access token is revoked. But, it is very simple and expects the url will automatically handle the revocation upon being visited (GET request).

I've not tested this with Google, do they expect a POST request or something more than simply hitting a URL?

@drzraf
Copy link
Contributor Author

drzraf commented May 24, 2018

For the record:
https://gitlab.com/.well-known/openid-configuration
https://auth0.auth0.com/.well-known/openid-configuration
https://accounts.google.com/.well-known/openid-configuration
https://login.yahoo.com/.well-known/openid-configuration
https://connect-op.herokuapp.com/.well-known/openid-configuration
https://login.salesforce.com/.well-known/openid-configuration
https://login.windows.net/common/.well-known/openid-configuration
https://www.paypalobjects.com/.well-known/openid-configuration

See also:
https://connect2id.com/products/nimbus-oauth-openid-connect-sdk/openid-connect-providers

@drzraf drzraf mentioned this issue May 31, 2018
Open
4 tasks
@daggerhart daggerhart added this to To do in 4.x Nov 4, 2018
@Kiina Kiina mentioned this issue Jun 7, 2020
Open
@mbrowne
Copy link

mbrowne commented Jul 16, 2020

To answer the question about "End Session Endpoint URL", I used this endpoint and it seems to work fine (although I don't actually know if it's doing anything on Google's end):

https://oauth2.googleapis.com/revoke

It's listed at https://accounts.google.com/.well-known/openid-configuration as the "revocation_endpoint".

@timnolte timnolte added the enhancement Issues & PRs related to new features. label Feb 25, 2022
@timnolte timnolte self-assigned this Feb 25, 2022
@timnolte
Copy link
Collaborator

Noting that the Wiki has been compiling IDP setup guides. Additionally, one of the nect major releases is going to include using the OIDC configuration discovery endpoint to pre-configure the plugin settings.

@timnolte timnolte moved this from To do to Done in 4.x Apr 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@timnolte timnolte

Labels
enhancement Issues & PRs related to new features.
Projects
4.x
  
Done
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mbrowne @drzraf @daggerhart @timnolte