No way to check if server supports UserInfo #373

Closed
crawshaw opened this issue Apr 24, 2023 · 1 comment · Fixed by #375


@crawshaw

The server's `.well-known/openid-configuration` reports a UserInfo endpoint which is used in the `UserInfo` method. If the OIDC provider does not report an endpoint, `UserInfo` reports an error. But there is no way to programmatically check beforehand and no way to check the error message other than string matching:

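```go
ui, err = provider.UserInfo(ctx, source)
// Guard against a nil err before inspecting its text; the only way to tell
// "endpoint not supported" apart from other failures is the message string.
if err != nil && !strings.Contains(err.Error(), "user info endpoint is not supported") {
        // handle it
}
```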

It would be nice if it were possible to avoid string matching on the error. Perhaps either something to pass to errors.Is or a mechanism for inspecting the contents of the .well-known/openid-configuration that the package fetched?

@ericchiang
Collaborator

Does something like the following work? (sorry, Claims is probably a bad name for "inspect the provider config")

https://pkg.go.dev/github.com/coreos/go-oidc/v3/oidc#Provider.Claims

```go
package main

import (
	"context"
	"fmt"
	"log"

	"github.com/coreos/go-oidc/v3/oidc"
)

func main() {
	ctx := context.Background()
	p, err := oidc.NewProvider(ctx, "https://accounts.google.com")
	if err != nil {
		log.Fatalf("getting provider info: %v", err)
	}
	var claims struct {
		UserInfoEndpoint string `json:"userinfo_endpoint"`
	}
	if err := p.Claims(&claims); err != nil {
		log.Fatalf("parsing provider info: %v", err)
	}
	if claims.UserInfoEndpoint != "" {
		fmt.Println("userinfo_endpoint:", claims.UserInfoEndpoint)
	} else {
		fmt.Println("userinfo_endpoint not supported")
	}
}
```
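The check from the comment above, wrapped so that callers can branch with `errors.Is` instead of matching error text, as the issue asks. This is an added example, not code from the thread or from go-oidc: `ErrUserInfoUnsupported`, `claimsSource`, `fakeProvider` and the sample discovery documents are assumptions constructed here so the block runs offline.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// ErrUserInfoUnsupported is a hypothetical sentinel defined by this example;
// go-oidc does not export it.
var ErrUserInfoUnsupported = errors.New("provider advertises no userinfo_endpoint")

// claimsSource is the one method this check needs; *oidc.Provider has it.
type claimsSource interface {
	Claims(v interface{}) error
}

// UserInfoEndpoint returns the advertised UserInfo URL, or an error matching
// ErrUserInfoUnsupported under errors.Is when the field is absent or empty.
func UserInfoEndpoint(p claimsSource) (string, error) {
	var meta struct {
		UserInfoEndpoint string `json:"userinfo_endpoint"`
	}
	if err := p.Claims(&meta); err != nil {
		return "", fmt.Errorf("parsing provider metadata: %w", err)
	}
	if meta.UserInfoEndpoint == "" {
		return "", ErrUserInfoUnsupported
	}
	return meta.UserInfoEndpoint, nil
}

// fakeProvider (hypothetical) stands in for a provider's discovery document.
type fakeProvider struct{ raw []byte }

func (f fakeProvider) Claims(v interface{}) error { return json.Unmarshal(f.raw, v) }

// Constructed sample documents, not captured from any real provider.
var (
	withUserInfo    = fakeProvider{[]byte(`{"issuer":"https://idp.example","userinfo_endpoint":"https://idp.example/userinfo"}`)}
	withoutUserInfo = fakeProvider{[]byte(`{"issuer":"https://idp.example"}`)}
	malformed       = fakeProvider{[]byte(`{"userinfo_endpoint":`)}
)

func main() {
	for _, p := range []fakeProvider{withUserInfo, withoutUserInfo, malformed} {
		ep, err := UserInfoEndpoint(p)
		fmt.Printf("endpoint=%q unsupported=%v err=%v\n", ep, errors.Is(err, ErrUserInfoUnsupported), err)
	}
}
```

The malformed document yields an error that does not match the sentinel, so a broken or tampered discovery response is not mistaken for "UserInfo not supported".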

raggi added a commit to raggi/go-oidc that referenced this issue Apr 24, 2023
This enables users to detect if the provider.UserInfo method would fail
ahead of time, by checking for the empty string in UserInfoEndpoint.

Fixes coreos#373
Fixes coreos#374
ericchiang pushed a commit that referenced this issue Apr 25, 2023
This enables users to detect if the provider.UserInfo method would fail
ahead of time, by checking for the empty string in UserInfoEndpoint.

Fixes #373
Fixes #374
lukaszraczylo pushed a commit to lukaszraczylo/go-oidc that referenced this issue Apr 13, 2024
This enables users to detect if the provider.UserInfo method would fail
ahead of time, by checking for the empty string in UserInfoEndpoint.

Fixes coreos#373
Fixes coreos#374