HashiCorp Vault OIDC provider issues an opaque access_token. They recommend we use the userinfo_endpoint for introspection, because the access_token itself cannot be parsed, therefore it is not working. Are there any plans to support verification of claims etc. from the userinfo_endpoint?
At the beginning of this plugin I was always using the introspection endpoint but removed it because it will be called for every single endpoint, which can slow everything down...
I have already used Vault but not as an OIDC Provider. I will have a closer look on the weekend.
Yes, the access_token is just an opaque token that is only used for calling the introspection endpoint in Vault, so no JWT. I see the problems with calling this endpoint every time. Maybe it needs to have some sort of cache set up. I tried this other project that just verifies the id_token, which works for me: https://github.com/lukaszraczylo/traefikoidc
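The caching idea raised in the comment above, sketched in Go as an added example (not code from this plugin, from Vault, or from any participant in the thread): userinfo results are kept per token for a short TTL and indexed by the token's SHA-256 digest. `UserinfoCache`, `Fetch`, `Now` and the sample token are hypothetical names; `Fetch` stands in for the HTTP request to the provider's userinfo_endpoint.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"sync"
	"time"
)

type Claims map[string]interface{}

type entry struct {
	claims  Claims
	expires time.Time
}

// UserinfoCache remembers userinfo results per opaque token for a short TTL.
// Fetch (the provider call) and Now (the clock) are injected, hypothetical hooks.
type UserinfoCache struct {
	TTL   time.Duration
	Fetch func(token string) (Claims, error)
	Now   func() time.Time
	items sync.Map // SHA-256(token) -> entry
}

// Lookup calls the provider only on a miss or after the cached entry has expired.
func (c *UserinfoCache) Lookup(token string) (Claims, error) {
	key := sha256.Sum256([]byte(token)) // index by digest, not by the bearer token
	if v, ok := c.items.Load(key); ok && c.Now().Before(v.(entry).expires) {
		return v.(entry).claims, nil
	}
	claims, err := c.Fetch(token)
	if err != nil {
		c.items.Delete(key) // a rejection is never cached and drops any stale entry
		return nil, err
	}
	c.items.Store(key, entry{claims, c.Now().Add(c.TTL)})
	return claims, nil
}

func main() {
	c := &UserinfoCache{TTL: 30 * time.Second, Now: time.Now, Fetch: func(string) (Claims, error) {
		fmt.Println("userinfo call") // constructed stand-in for the provider request
		return Claims{"sub": "alice"}, nil
	}}
	c.Lookup("constructed-opaque-token")
	c.Lookup("constructed-opaque-token") // served from cache: "userinfo call" prints once
}
```

The TTL is the longest a revoked token keeps being accepted, so it should stay short. Entries for tokens that never return are not evicted here, so a real deployment would also bound the cache size.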
I will close this as won't-fix, at least for now, because I don't want to implement this in the near future.
I think not many are using Vault for this scenario.
If you think I'm wrong, please create a new issue with some details.