[FEATURE] Introduce a ThirdParty GenericOIDC implementation.
ghstahl opened this issue
Checklist
- I could not find a solution in the existing issues or docs.
- I agree to follow this project's Code of Conduct.
Description
I have a rough implementation for configuring third-party Generic OIDC providers and have tested it against Google and AzureAD.
I need to test it against Auth0, Okta, Ping and OneLogin. I don't see an issue there, though, as the only difference I have seen in the field is which scopes are to be sent,
i.e. AzureAD needs openid email profile User.Read
The hanko OAuth2 implementation that is used for the existing ThirdParty providers (google, github, apple) is the same one being used with this as well. So, the OIDC part is just there to discover the needed URLs dynamically through a .well-known/openid-configuration endpoint,
i.e. accounts.google.com/.well-known/openid-configuration
Describe your ideal solution
This is my current config.yaml
third_party:
  redirect_url: http://localhost:8000/thirdparty/callback
  error_redirect_url: http://localhost:8888
  allowed_redirect_urls:
    - http://localhost:8888**
    - http://localhost:3000**
  providers:
    google:
      enabled: true
      client_id: 1096301616546-edbl612881t7rkpljp3qa3juminskulo.apps.googleusercontent.com
      secret: GOC[REDACTED]
    github:
      enabled: true
      client_id: e489eb4f05e9f247d8ad
      secret: 1bb[REDACTED]
  generic_oidc_providers:
    google_oidc:
      authority: https://accounts.google.com
      display_name: Google(Generic OIDC Provider)
      enabled: true
      client_id: 1096301616546-edbl612881t7rkpljp3qa3juminskulo.apps.googleusercontent.com
      secret: GOC[REDACTED]
      scopes: "openid profile email"
      require_provider_email_verification: true
    mapped_staff_oidc:
      authority: https://login.microsoftonline.com/590[REDACTED]/v2.0
      display_name: Mapped Staff (Generic OIDC Provider)
      enabled: true
      client_id: 3b918868-9bff-431f-bd9c-f9896d628e6b
      secret: hU4[REDACTED]
      scopes: "openid profile email User.Read"
      require_provider_email_verification: false
      hidden: true
Workarounds or alternatives
No response
Hanko Version
main
Additional Context
No response
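The issue describes the generic provider as a thin layer over the existing OAuth2 flow: the authority's .well-known/openid-configuration document is fetched and the endpoints are taken from it, and the configured scopes string is passed through to the authorization request. The following Go code is an added, stand-alone illustration of that discovery step and is not code from the Hanko project or from the issue author. It uses a constructed discovery document for a fictional provider (https://idp.example.com), and the function names (DiscoveryURL, ParseDiscovery, ParseScopes, AuthorizeURL) are this example's own, not Hanko's. It shows the checks a relying party needs before trusting a discovery document: the issuer claim must match the configured authority (OIDC Discovery, section 4.3, which is what stops a misconfigured or hostile authority from redirecting the code flow to someone else's endpoints), the endpoints must be present and served over https, and the scopes string must contain openid, since otherwise the provider runs a plain OAuth2 flow and returns no ID token.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Discovery holds the subset of OpenID Provider Metadata that an OAuth2
// authorization-code flow needs. JSON names follow the OIDC Discovery spec.
type Discovery struct {
	Issuer                string   `json:"issuer"`
	AuthorizationEndpoint string   `json:"authorization_endpoint"`
	TokenEndpoint         string   `json:"token_endpoint"`
	UserinfoEndpoint      string   `json:"userinfo_endpoint"`
	JWKSURI               string   `json:"jwks_uri"`
	ScopesSupported       []string `json:"scopes_supported"`
}

// DiscoveryURL derives the well-known URL from a configured authority such as
// https://accounts.google.com or https://login.microsoftonline.com/<tenant>/v2.0.
func DiscoveryURL(authority string) string {
	return strings.TrimSuffix(authority, "/") + "/.well-known/openid-configuration"
}

// ParseDiscovery decodes a discovery document and enforces the checks a relying
// party must make before using it: the issuer must equal the configured
// authority (OIDC Discovery 4.3), the endpoints must exist, and all must be https.
func ParseDiscovery(authority string, doc []byte) (*Discovery, error) {
	var d Discovery
	if err := json.Unmarshal(doc, &d); err != nil {
		return nil, fmt.Errorf("decode discovery document: %w", err)
	}
	if strings.TrimSuffix(d.Issuer, "/") != strings.TrimSuffix(authority, "/") {
		return nil, fmt.Errorf("issuer %q does not match configured authority %q", d.Issuer, authority)
	}
	required := map[string]string{
		"authorization_endpoint": d.AuthorizationEndpoint,
		"token_endpoint":         d.TokenEndpoint,
		"userinfo_endpoint":      d.UserinfoEndpoint,
		"jwks_uri":               d.JWKSURI,
	}
	for name, raw := range required {
		if raw == "" {
			return nil, fmt.Errorf("discovery document lacks %s", name)
		}
		u, err := url.Parse(raw)
		if err != nil || u.Scheme != "https" || u.Host == "" {
			return nil, fmt.Errorf("%s must be an absolute https URL, got %q", name, raw)
		}
	}
	return &d, nil
}

// ParseScopes splits the space-separated scopes string from config and rejects
// a list without "openid", which would yield no ID token from the provider.
func ParseScopes(s string) ([]string, error) {
	scopes := strings.Fields(s)
	for _, sc := range scopes {
		if sc == "openid" {
			return scopes, nil
		}
	}
	return nil, errors.New(`scopes must include "openid"`)
}

// AuthorizeURL builds the redirect to the provider's authorization endpoint.
// state and nonce are assumed to be fresh random values bound to the session;
// state is checked on the callback and nonce against the ID token.
func AuthorizeURL(d *Discovery, clientID, redirectURL, scopes, state, nonce string) (string, error) {
	sc, err := ParseScopes(scopes)
	if err != nil {
		return "", err
	}
	q := url.Values{}
	q.Set("response_type", "code")
	q.Set("client_id", clientID)
	q.Set("redirect_uri", redirectURL)
	q.Set("scope", strings.Join(sc, " "))
	q.Set("state", state)
	q.Set("nonce", nonce)
	return d.AuthorizationEndpoint + "?" + q.Encode(), nil
}

// sampleDiscovery is a constructed document for a fictional provider; real ones
// carry more fields, which json.Unmarshal ignores.
const sampleDiscovery = `{
  "issuer": "https://idp.example.com",
  "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
  "token_endpoint": "https://idp.example.com/oauth2/token",
  "userinfo_endpoint": "https://idp.example.com/oauth2/userinfo",
  "jwks_uri": "https://idp.example.com/oauth2/keys",
  "scopes_supported": ["openid", "profile", "email"]
}`

func main() {
	d, err := ParseDiscovery("https://idp.example.com", []byte(sampleDiscovery))
	if err != nil {
		panic(err)
	}
	u, err := AuthorizeURL(d, "client-1", "http://localhost:8000/thirdparty/callback",
		"openid profile email User.Read", "state-123", "nonce-456")
	if err != nil {
		panic(err)
	}
	fmt.Println(DiscoveryURL("https://idp.example.com"))
	fmt.Println(u)
}
```

The issuer comparison is the check most worth keeping: a document served from the configured authority that names a different issuer should be rejected rather than followed, and the same value is later compared against the iss claim of the ID token.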