Support falling back to OIDC metadata for auth #1061
+291
−60
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implements basic OIDC support for working with authorization servers that don't expose OAuth metadata, following the semantics described in RFC 8414 Section 5.
As part of this change, I modified the internal fallback behavior from a simple boolean flag to instead represent discovery as a stack of methods, which are consumed sequentially until one fallback method succeeds. This also helps clean up the duplicated code from working with
AsyncGenerator
.Motivation and Context
Enables falling back to OIDC 1.0 metadata when a server does not support OAuth metadata according to RFC 8414.
How Has This Been Tested?
Added/updated unit tests.
Breaking Changes
None
Types of changes
Checklist
Additional context
#976