Preliminary openIdConnect support #4452
Conversation
|
Thanks for the PR but your commit (as shown in the Commits tab) is not linked to your Github account, which means this PR won't count as your contribution in https://github.com/OpenAPITools/openapi-generator/graphs/contributors. Let me know if you need help fixing it. |
|
@wing328: |
aanno2
force-pushed
the
feature/pr-aanno2-oidc
branch
from
6560ce1 to
4256263
Compare
|
Looks like it's causing issues. E.g. haskell client generator: Ref: https://cloud.drone.io/OpenAPITools/openapi-generator/2464 |
|
@aanno2 can you please file a PR (or update this PR) to include only the enhancements without updating all the samples to start with? That will make it easier to review and accept your PR. |
aanno2
force-pushed
the
feature/pr-aanno2-oidc
branch
from
4256263 to
dd74b3a
Compare
|
@wing328: As requested I have updated this PR (a) to the current master and (b) removed the modifications of samples. |
aanno2
force-pushed
the
feature/pr-aanno2-oidc
branch
from
dd74b3a to
6525d0d
Compare
|
I have rebased the PR onto the current master branch. |
|
@aanno2 can you please resolve the merge conflicts when you've time? |
aanno2
force-pushed
the
feature/pr-aanno2-oidc
branch
from
e736983 to
eca2018
Compare
|
@wing328: rebased to master (and sorry for being late) |
|
What are the plans with this? openIdConnect is a well established standard. What are the reasons why this PR seems to be stale since 2 years? |
|
I've got no clue why this has not been merged in time. I have written the changes for a professional project of mine that is still in production. But I even wonder if it is still relevant. Well, I did it as aanno2 (still me) because I had problems to use my normal account due to strange security constraints at my former working place. |
|
IMHO openIDConnect is an important industry standard. |
|
Are you planning on merging this ? OIDC is widely used, and the lack of it's support is a real pain. |
|
Any updates for that ticket? |
PR checklist
./bin/(or Windows batch scripts under.\bin\windows) to update Petstore samples related to your fix. This is important, as CI jobs will verify all generator outputs of your HEAD commit, and these must match the expectations made by your contribution. You only need to run./bin/{LANG}-petstore.sh,./bin/openapi3/{LANG}-petstore.shif updating the code or mustache templates for a language ({LANG}) (e.g. php, ruby, python, etc).master,4.3.x,5.0.x. Default:master.Preliminary openIdConnect support
This is a (somewhat simplistic) approach to include some openIdConnect support into openapi-generator. As openIdConnect is simply a specialization of OAuth2 [1], I extented
CodegenSecurityto include theisOpenIdConnectfield. If this field is set to true,isOAuthis also set true.Openid retrieves most information from
openIdConnectUrl[2]. The JSON available at this URL is specified by the discovery protocol [3]. In the new ClassOpenIdConnect, I retrieve the information and constructCodegenSecurityobjects from it. This means that the openIdConnect discovery stuff is mainly consumed as OAuth2 flows (that are already handled by openapi-generator).This should be enough to fix #4406 and similiar bugs were the fix is simply to treat openIdConnect as some sort of OAuth2.
Certainly this solution could be extended (later) for more openIdConnect specific stuff.
[1] https://blog.runscope.com/posts/understanding-oauth-2-and-openid-connect
[2] https://swagger.io/docs/specification/authentication/openid-connect-discovery/
[3] https://openid.net/specs/openid-connect-discovery-1_0.html