Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

oidc-discovery-provider 'use' property #2623

Closed
kfox1111 opened this issue Nov 10, 2021 · 3 comments
Closed

oidc-discovery-provider 'use' property #2623

kfox1111 opened this issue Nov 10, 2021 · 3 comments
Labels
good first issue Issues with this label are good candidates for first-time contributions

Comments

@kfox1111
Copy link
Contributor

I've been trying to get Spire and Strimzi deployed Kafka to work together. I deployed the oidc-discovery-provider and connected Kafka to it. It almost works but apparently the Kafka plugin is expecting the JWKS to have the 'use' property specified. It appears optional in the spec so its arguably a Kafka plugin bug. But, there could be other oidc/oauth2 clients that have similar expectations so for compatibility reasons, the ability to have oidc-discovery-provider allow force setting the 'use' property might be useful. Perhaps a command line flag to force set the 'use' property to 'sig'?

@azdagron azdagron added the good first issue Issues with this label are good candidates for first-time contributions label Nov 10, 2021
@azdagron
Copy link
Member

I think this sounds reasonable. I am tempted to just add "use" to the JWKs across the board but I am not super confident that it won't break some esoteric existing deployment. It WOULD be surprising if an implementation couldn't handle the parameter but we've seem some crazy stuff.

command line flag

The project does not use flags except to direct the application to a config file. I could see us growing a new jwks section in the config file for controlling rendering (assumes that we may have other properties to tweak in the future).

Maybe something like:

jwks {
    set_use_parameter = true
}

@azdagron
Copy link
Member

If we got enough signal that "use" was safe across the board, we could always migrate the default to true (following our backcompat guidelines).

@azdagron
Copy link
Member

azdagron commented Dec 7, 2021

Fixed by #2634.

@azdagron azdagron closed this as completed Dec 7, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
good first issue Issues with this label are good candidates for first-time contributions
Projects
None yet
Development

No branches or pull requests

2 participants