Support for fidm.oidc.op.getMetadata #51

Closed
renzosunico opened this issue Aug 14, 2020 · 2 comments

@renzosunico

What does it do?

It's an endpoint that allows OP to pull the OP metadata which contains different endpoints such as authorize endpoint, token endpoint, userinfo endpoint, introspect endpoint and most importantly the JSON web keys.

Why do we need it?

It is necessary so that we are able to pull the latest jwks when validating id_token. It's stated in the document that it could change without prior notice so it would be better to get it from the source rather than having it offline.

Source: https://developers.gigya.com/display/GD/Validate+A+JWT+from+SAP+Customer+Data+Cloud

Public keys are subject to change without warning for security reasons. Recommended best practice is to check the keyid returned in the JWT header against the kid (Key ID) of the public key you have stored from accounts.getJWTPublicKey, or that you received from the OP, and if they do not match, you must update your public key using accounts.getJWTPublicKey or contacting the OP.

Workaround

As a workaround, I do:

gigya.request('fidm.oidc.op.getMetadata')

Note

This endpoint is not listed in the documentation for some reason.
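
The kid check and key refresh recommended in the documentation quoted above, as an added example that is not part of the original issue or the gigya SDK: a key cache that refetches the JWK set when a token's `kid` is unknown, with a minimum interval between refetches. `fetchJwks`, `JwksCache`, `jwtKid`, `sampleToken` and the 60-second floor are assumptions; how the key set is obtained from the `fidm.oidc.op.getMetadata` response is left to the caller, and verifying the signature with the returned key is a separate step.

```javascript
// Added example, not gigya SDK code. fetchJwks is a hypothetical caller-supplied
// async function returning the OP's current JWK set ({ keys: [...] }).
const MIN_REFRESH_INTERVAL_MS = 60000; // assumed floor between refetches

// Read the kid from the JWT header; nothing in the token is trusted at this point.
function jwtKid(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  // Node's 'base64' decoder also accepts the URL-safe alphabet used by JWTs.
  const header = JSON.parse(Buffer.from(parts[0], 'base64').toString('utf8'));
  if (!header || typeof header.kid !== 'string' || header.kid === '') {
    throw new Error('JWT header has no kid');
  }
  return header.kid;
}

class JwksCache {
  constructor(fetchJwks, now = Date.now) {
    this.fetchJwks = fetchJwks;
    this.now = now;               // injectable clock, for testing
    this.keys = new Map();        // kid -> JWK
    this.lastRefresh = -Infinity; // nothing fetched yet
  }

  // Replace the stored set wholesale so keys the OP has retired stop being accepted.
  store(jwks) {
    const keys = Array.isArray(jwks && jwks.keys) ? jwks.keys : [];
    this.keys = new Map(keys.filter((k) => k && k.kid).map((k) => [k.kid, k]));
    this.lastRefresh = this.now();
  }

  // An unknown kid triggers a refetch, but no more often than the floor allows,
  // so tokens carrying random kids cannot turn every request into an OP call.
  async keyFor(token) {
    const kid = jwtKid(token);
    if (!this.keys.has(kid) && this.now() - this.lastRefresh >= MIN_REFRESH_INTERVAL_MS) {
      this.store(await this.fetchJwks());
    }
    const key = this.keys.get(kid);
    if (!key) throw new Error(`no published key for kid "${kid}"`);
    return key;
  }
}

// Constructed sample: an unsigned token shell carrying only a kid.
function sampleToken(kid) {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${b64({ alg: 'RS256', kid })}.${b64({ sub: 'demo' })}.sig`;
}
```
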

@iBaryo
Collaborator

iBaryo commented Aug 14, 2020

#52

@iBaryo iBaryo closed this as completed Aug 14, 2020
@jsunico
Contributor

jsunico commented Aug 19, 2020

Hi @iBaryo, thanks for merging my request. :) May I know when I can expect the new npm version, please? Thank you.
