Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ProviderMetadata::discover_with_options and "common" Entra example #183

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Add ProviderMetadata::discover_with_options and "common" Entra example #183

wants to merge 2 commits into from

Conversation

phy1729
Copy link

@phy1729 phy1729 commented Sep 15, 2024

#179 handles the case for an Entra application that allows signins from a single tenant. For Entra applications that allow signins from personal and enterprise accounts, the https://login.microsoftonline.com/common/v2.0 issuer is used which returns a metadata document with issuer set to https://login.microsoftonline.com/{tenantid}/v2.0.

This PR adds ProviderMetadata::discover_with_options and ProviderMetadata::discover_async_with_options to disable the issuer validation required by the OIDC spec. I think this is more discoverable than the proposed route in #122 of wrapping http_client to munge the response.

In the example require_issuer_match is disabled on the IdTokenVerifier because the ID token has the iss claim set with the specific tenant ID of the account which is not a static value.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@phy1729