Anyone tried OpenId? #694
Comments
I think OpenID support is not implemented in Connexion, feel free to propose an implementation/PR (?).
Yeah, sorry @WimDH I haven't had a chance to fully understand OpenID Connect and implement it.
You can still use oauth2 and parse the JWT yourself in x-tokenInfoFunc.
@hjacobs @dtkav @cziebuhr from what I understand: One of in python Once signature on token is verified to be coming from the As an example unrelated directly to openapi specification I will list below kubernetes spec to demonstrate the difference in groups handling. It is fascinating to observe details of implementation of this single file over the last two years and the oidc setup being reduced to below:
might then very easily translate to in openapi.yaml:
The reason I'm listing this is that I believe it is important to observe an implementation that cares where the GroupClaims are coming from. As you are crafting the token, groups can be placed in different locations. I use So (imho) OpenIDConnect (OIDC) should care not directly about the .well-known endpoint, which is global to the oidcIssuer, but rather about these 4 elements that are required to determine WHO against the OpenAPI security(openId) WHAT:
In summary: OpenID Connect Discovery (oidc) is very close to being fully realized in python for OpenApi. Personally I have had both beautiful dreams and nightmares about this section for a long time. I think for all of us, getting to a point where you can use an abstracted system like Keycloak, Auth0, Google, Cognito ... with or without federated LDAP that admit control to selected endpoints based on token's self-contained details is very long awaited.
Hello, I am just curious if there was an improvement in this issue. It is something I would like to use.
Yep, same for me, is there any news?
Still no news on this issue?
This feature would be much appreciated.
I'm curious if there is any news on this issue. I would really like to use this.
+1
+1
This would be great, oidc is becoming de-facto.
From what I can tell, it could be as simple as this: But leaves it up to the application to do the JWT validation (like it would for ordinary OAuth2 tokens)
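An added example (not code from this thread or from Connexion) of the approach suggested in two comments above: parse the JWT yourself in x-tokenInfoFunc, with the validation left to the application. It assumes an HS256 token and a shared secret so that it runs on the standard library alone; the issuer, audience, secret, groups claim name and the returned dict shape (`sub`, `scope`, `groups`, or `None` to reject) are all assumptions.

```python
import base64, hashlib, hmac, json, time

# Assumed deployment values (constructed for this example, not from the thread).
ISSUER = "https://idp.example.test/realms/demo"
AUDIENCE = "hello-api"
SECRET = b"constructed-demo-secret"
GROUPS_CLAIM = "groups"  # where this issuer is assumed to put group names

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, secret=SECRET, alg="HS256"):
    """Build a constructed sample token; helper for trying the validator."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_sign(head + '.' + body, secret))}"

def token_info(token):
    """Return a token-info dict for a valid token, or None to reject it."""
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm: the token must not choose how it is verified.
        if json.loads(_b64d(head)).get("alg") != "HS256":
            return None
        # Verify the signature before trusting anything in the payload.
        if not hmac.compare_digest(_sign(head + "." + body, SECRET), _b64d(sig)):
            return None
        claims = json.loads(_b64d(body))
        aud = claims.get("aud")
        if claims.get("iss") != ISSUER:
            return None
        if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
            return None
        exp = claims.get("exp")
        if not isinstance(exp, (int, float)) or exp <= time.time():
            return None
        return {"sub": claims.get("sub"),
                "scope": str(claims.get("scope", "")),
                "groups": list(claims.get(GROUPS_CLAIM, []))}
    except (ValueError, TypeError, AttributeError):
        return None
```

A token signed with an asymmetric algorithm needs a JWT library and the issuer's published keys in place of the HMAC check; the algorithm pinning and the issuer, audience and expiry checks stay the same.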
Description
I tried to use OpenId to secure my endpoints, but the security is not applied. My endpoint returned its result without the use of my token.
I cloned the dev-2.0 branch and used the hello example.
My swagger config file:
curl http://127.0.0.1:9090/v1.0/greeting/wim --request POST
produces:
hello wim