Remove the check for claims_supported in OpenID Connect SSO.

This is specified as "not exhaustive" and "optional", which means it's
completely meaningless for standard claims.

* https://github.com/goauthentik/authentik/issues/3702
* https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
Tommie Gannert 2022-10-04 12:15:07 +02:00
parent 7ceb276970
commit 1c17c20097


@ -123,7 +123,6 @@ type oidcDiscovery struct {
TokenEndpoint string `json:"token_endpoint"`
UserinfoEndpoint string `json:"userinfo_endpoint"`
ScopesSupported []string `json:"scopes_supported"`
ClaimsSupported []string `json:"claims_supported"`
}
func oidcDiscover(ctx context.Context, url string) (*oidcDiscovery, error) {
@ -167,14 +166,6 @@ func oidcDiscover(ctx context.Context, url string) (*oidcDiscovery, error) {
}
}
if disc.ClaimsSupported != nil {
for _, claim := range []string{"iss", "sub"} {
if !stringSliceContains(disc.ClaimsSupported, claim) {
return nil, fmt.Errorf("claim %q is not supported in %q", claim, url)
}
}
}
return &disc, nil
}
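Review bot: With the `claims_supported` check gone from the end of `oidcDiscover` (just before `return &disc, nil`), nothing in the visible code records that the omission is deliberate, so a later maintainer could re-add it as a hardening step. I would leave a comment there, e.g. `// claims_supported is advisory and non-exhaustive per OIDC Discovery, so it is not checked; iss and sub are enforced when the ID token is verified.` The second half of that comment is an assumption, because token verification is not part of this diff. Please confirm that the ID token path rejects tokens missing `iss` or `sub` and compares `iss` against the configured issuer, since discovery no longer gives any signal about those claims. The body of `oidcDiscover` starts outside the hunk, so earlier checks on the discovery document are not visible here.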