Add support for querying userinfo-endpoint #311
Replies: 6 comments
-
I'm running this use case several times a day using flaat: https://github.com/indigo-dc/flaat
|
Beta Was this translation helpful? Give feedback.
-
A benefit of doing this in collaboration with oidc-agent is that such a solution wouldn't need the token to be a JWT: oidc-agent knows the OP's discovery endpoint. |
Beta Was this translation helpful? Give feedback.
-
We could integrate
The integration should be easy with the existing python lib and less effort than integrating it directly in the agent. Also thematically it fits much better to |
Beta Was this translation helpful? Give feedback.
-
Magic, knowledge and a threadpool combined result in non-JWT ATs to be tested against all known and trusted non-JWT-OPs ;) |
Beta Was this translation helpful? Give feedback.
-
Sure :-) dCache does something similar with non-JWT tokens. Is the list of "all known and trusted non-JWT-OPs" something that comes with flaat, or something that the user has to provide? |
Beta Was this translation helpful? Give feedback.
-
Ok; I've added support to |
Beta Was this translation helpful? Give feedback.
-
It's perhaps not something everyone does, but one thing I find myself doing fairly often is querying an OP's user-info endpoint with a token.
This is just boiler-plate stuff: using openid-configuration to discover the user-info endpoint and calling this with a token.
Would it make sense for oidc-agent to provide an easy way to achieve this?
Beta Was this translation helpful? Give feedback.
All reactions