Add implicit id_token flow #34

Merged
merged 6 commits into from
Dec 31, 2019

eborden (Contributor) commented Oct 7, 2019

There are a few unrelated prefactor changes here, namely adding tooling configuration files.

Add implicit id_token flow

Some auth servers only allow the implicit flow for fetching an
id_token. This flow is very straightforward, but it requires a few
different steps than auth code.

  1. The client requests a response_type id_token.
  2. The request must contain response_mode=form_post otherwise the
    identity server will return parameters in the hash fragment.
  3. The id_token can then be validated by the client.

MonadCatch and MonadThrow

This pull request does not utilize MonadCatch or MonadThrow. My specific use case is utilizing yesod-auth, which requires authorization dispatch to exist within an abstract handler.

```haskell
type MonadAuthHandler master m = (MonadHandler m, YesodAuth master, master ~ HandlerSite m, Auth ~ SubHandlerSite m, MonadUnliftIO m)
```

That handler does not include MonadCatch or MonadThrow. So the use of those constraints was prohibitive. Since all of the throwing and catching in this library happens within IO, it is not necessary to use MonadCatch and MonadThrow. I have excluded them from this PR.
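The three steps from the PR description, written out as a stand-alone Python example (added here; it is not code from this PR or from the library). The function, endpoint and parameter names are hypothetical, and it assumes an HS256-signed id_token keyed with a shared secret so that only the standard library is needed; a provider that signs with RS256 would be verified against its published JWKS keys instead.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs, urlencode

def build_auth_request(authz_endpoint, client_id, redirect_uri):
    """Steps 1 and 2: request only an id_token, returned via form_post."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    query = urlencode({
        "response_type": "id_token",
        "response_mode": "form_post",  # without this, params arrive in the URL fragment
        "scope": "openid", "client_id": client_id, "redirect_uri": redirect_uri,
        "state": state,  # binds the callback to this browser session
        "nonce": nonce,  # echoed inside the id_token, checked in step 3
    })
    return f"{authz_endpoint}?{query}", state, nonce

def b64d(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def sign_hs256(key, signing_input):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def validate_form_post(body, state, nonce, issuer, client_id, key, now=None):
    """Step 3: validate the id_token POSTed to redirect_uri; returns its claims."""
    form = {k: v[0] for k, v in parse_qs(body).items()}
    if "error" in form:
        raise ValueError("authorization error: " + form["error"])
    if not hmac.compare_digest(form.get("state", "").encode(), state.encode()):
        raise ValueError("state mismatch")
    try:
        h, p, s = form["id_token"].split(".")
        header, claims, sig = json.loads(b64d(h)), json.loads(b64d(p)), b64d(s)
    except (KeyError, ValueError) as exc:
        raise ValueError("malformed id_token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed id_token")
    if header.get("alg") != "HS256":  # pin the algorithm, never follow the header
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(sig, sign_hs256(key, f"{h}.{p}")):
        raise ValueError("bad signature")
    aud = claims.get("aud")  # aud may be a single string or a list of client ids
    if claims.get("iss") != issuer or client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong iss or aud")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("expired")
    if not hmac.compare_digest(str(claims.get("nonce", "")).encode(), nonce.encode()):
        raise ValueError("nonce mismatch")
    return claims
```

The `state` and `nonce` returned by `build_auth_request` have to be stored in the user's session so the callback handler can pass them to `validate_form_post`.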

eborden (Contributor, Author) commented Oct 7, 2019

Note, one incompatibility with the implicit flow and this library is the requirement of a client_secret to build an OIDC.

@eborden eborden changed the title Add implicit id token flow Add implicit id_token flow Oct 7, 2019
krdlab (Owner) commented Oct 8, 2019

Thank you for your PR. I'll review the PR this weekend.

eborden (Contributor, Author) commented Nov 12, 2019

@krdlab have you had a chance to look at this?

krdlab (Owner) left a comment

I'm really sorry for being late.
I reviewed the PR. It looks good to me. Thanks again.

@krdlab krdlab merged commit 8639782 into krdlab:master Dec 31, 2019