It looks like OpenID have added a fancy new spec based on OAuth2. Any chance of getting this integrated.
The recommended library for python support is https://github.com/rohe/pyoidc
I have to read up a bit on OpenID connect. I only briefly scanned some articles, and I was under the impression that some things like OAuth endpoint URLs were either standardized and/or discoverable. If so, allauth could implement OpenID connect support in a more generic way (simply one OpenID connect provider, versus multiple specific ones like done in #629). But, I first I need to find some time to digest the spec ...
You can easily implement a OIDC basic-flow client by just using a standard OAuth2 library.
e.g.:
```import json
from pyoauth2 import Client
CLIENT_ID = 'THE ID'
CLIENT_SECRET = 'A SHARD SECRET'
REDIRECT_URL = 'http://your-page-to-get-secret-or-error'
SCOPE = 'openid profile address email phone' # dependant on the provider, and their permissions for you
client = Client(CLIENT_ID, CLIENT_SECRET,
site='https://some-site/oidc/',
authorize_url='https://some-site/oidc/auth',
token_url='https://some-site/oidc/token')
print '-' * 80
authorize_url = client.auth_code.authorize_url(redirect_uri=REDIRECT_URL, scope=SCOPE)
print 'Go to the following link in your browser:'
print authorize_url
code = raw_input('Enter the verification code and hit ENTER when you re done:')
code = code.strip()
access_token = client.auth_code.get_token(code, redirect_uri=REDIRECT_URL)
print 'token', access_token.headers
print '-' * 80
print 'get user info'
ret = access_token.get('userinfo')
print json.dumps(ret.parsed, indent=4, sort_keys=True)
```
This is safe as long as you also verify the SSL cert.
pyoidc implements all the functionality you would need to offer a complete OIDC ID provider.
@grigi but still django-aullauth should support this out of the box.
@grigi this should also support the webfinger part of the spec, so that users can just type their email address and have the OIDC config be auto-discovered.
@graingert I was not saying it shouldn't be supported by django-allauth, just what an absolute minimum implementation entails.
Also, supporting the auto-discovery part of the spec significantly complicates the implementation, and an initial implementation using a generic OIDC service will help quite a bit already. E.g. using a modern AD.
Is this something on the roadmap?
Two years since the last comment. Again, is this something on the roadmap?
Most helpful comment
Is this something on the roadmap?