Details
New Feature
Resolution: Fixed
Major
Description
Prior to Hydrogen, the OIDC library "go-oidc v2.0.0" was used in Sync Gateway to support authentication using the OpenID Connect authentication protocol, and Sync Gateway does support querying OpenID Provider configuration from non-standard discovery endpoints. But a number of compatibility issues have been identified that are related to this OIDC library. We are in the process of mitigating these issues and upgrading the OIDC library to the latest version, "go-oidc v2.2.1", which internally uses the native oauth2 library. The latest OIDC library doesn't have any way to specify non-standard discovery endpoints, and hence Sync Gateway will not support querying OpenID Provider configuration from non-standard discovery endpoints starting with Hydrogen.
Non-standard Discovery Endpoint: As per the OpenID Discovery specification, OpenID Providers supporting Discovery MUST make a JSON document available at the path formed by concatenating the string /.well-known/openid-configuration to the Issuer. A non-standard discovery endpoint is an OpenID Connect discovery endpoint with the path not obtainable by concatenating the string /.well-known/openid-configuration to the Issuer.
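The definition above can be turned into a check for auditing configured providers before the upgrade. This is an added example, not Sync Gateway or go-oidc code: the function names are hypothetical, the idp.example.com values are constructed, and the trailing-slash handling follows the Discovery specification's rule that a terminating / on the Issuer is removed before the well-known path is appended.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

const wellKnown = "/.well-known/openid-configuration"

// StandardDiscoveryURL returns the discovery URL the specification derives
// from an issuer (hypothetical helper name).
func StandardDiscoveryURL(issuer string) string {
	return strings.TrimSuffix(issuer, "/") + wellKnown
}

// IsStandardDiscovery reports whether discoveryURL is the one obtained from issuer.
func IsStandardDiscovery(issuer, discoveryURL string) (bool, error) {
	want, err := url.Parse(StandardDiscoveryURL(issuer))
	if err != nil {
		return false, fmt.Errorf("issuer: %w", err)
	}
	got, err := url.Parse(discoveryURL)
	if err != nil {
		return false, fmt.Errorf("discovery URL: %w", err)
	}
	// A query string or fragment cannot come from plain concatenation.
	if got.RawQuery != "" || got.Fragment != "" {
		return false, nil
	}
	// Scheme and host compare case-insensitively; the path is case-sensitive.
	return strings.EqualFold(want.Scheme, got.Scheme) &&
		strings.EqualFold(want.Host, got.Host) &&
		want.EscapedPath() == got.EscapedPath(), nil
}

func main() {
	// Constructed sample configuration values, not from any real deployment.
	cases := [][2]string{
		{"https://idp.example.com", "https://idp.example.com/.well-known/openid-configuration"},
		{"https://idp.example.com/tenant1/", "https://idp.example.com/tenant1/.well-known/openid-configuration"},
		{"https://idp.example.com/tenant1", "https://idp.example.com/.well-known/openid-configuration?tenant=tenant1"},
		{"https://idp.example.com", "https://idp.example.com/oidc/discovery"},
	}
	for _, c := range cases {
		ok, err := IsStandardDiscovery(c[0], c[1])
		fmt.Printf("issuer=%s discovery=%s standard=%v err=%v\n", c[0], c[1], ok, err)
	}
}
```

Provider entries for which this reports a non-standard endpoint are the ones affected by the change described above.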