Comment by __mattya
8 months ago
OIDC is what fixes the “dog breakfast” criticism. With OIDC you (in theory) don’t have to write custom modules per provider anymore.
8 months ago
OIDC is what fixes the “dog breakfast” criticism. With OIDC you (in theory) don’t have to write custom modules per provider anymore.
It would fix a lot of the provider specific aspects of OAuth2, if the spec would be more strict on some claim (attribute) names on the jwt ID token. Some provide groups, some don't. Some call it roles or direct_groups. Some include prefered_username, some don't. Some include full name, some don't and don't get me started on name and first_name.
If you implement OIDC you must certainly provide a configurable mapping system for source claim name to your internel representation of a user object.
That sounds bad. Why would they under specify all that??
It’s hard / impossible to write a perfect spec maybe?
Or OAuth2 had a specific use case but has since been wrestled to do anything auth related