feat: update Yandex and VK OIDC #4158
Open
+219
−60
Changes
VK provider: Support PKCE
It seems like VK doesn't provide /.well-known/openid-configuration (VK doesn't support OpenID).
So to use PKCE it's needed to be enabled with:
VK provider: Support returning phone_number in claims
VK offers different endpoints for PKCE and non-PKCE configuration.
Token endpoint that is used in non-PKCE configuration can return email but not phone.
Extra endpoint https://id.vk.com/oauth2/user_info can be used to retrieve email and phone, but it doesn't accept access_token that was returned from non-PKCE token endpoint.
So to retrieve a phone, PKCE is required to be enabled:
Additional info:
I added AccessTokenURLOptions(r *http.Request) []oauth2.AuthCodeOption to OAuth2Provider interface.
It works like AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption but it's dedicated to update a token URL.
VK requires passing device_id URL param (that is received by a callback) to PKCE token endpoint. Without this change it's impossible.
I updated all the other OIDC providers to comply with the updated interface.
Yandex provider: Support returning phone_number in claims
No extra configuration is needed.
Related issue(s)
Fixes: #4147
Checklist
introduces a new feature.
contributing code guidelines.
vulnerability. If this pull request addresses a security vulnerability, I
confirm that I got the approval (please contact
[email protected]) from the maintainers to push
the changes.
works.
Further Comments
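The token exchange the description relies on, as an added standard-library Go example that is not code from this pull request or its project: the callback's device_id is forwarded into the PKCE token request next to code_verifier. The function names, the code and state callback parameters, and all sample values are assumptions; only device_id and the AccessTokenURLOptions idea come from the description above.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// S256Challenge derives the PKCE code_challenge from a code_verifier (RFC 7636, S256).
func S256Challenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// AccessTokenParams (hypothetical) picks the callback parameters the token request needs.
func AccessTokenParams(callback *http.Request) url.Values {
	extra := url.Values{}
	if id := callback.URL.Query().Get("device_id"); id != "" {
		extra.Set("device_id", id) // allow-list: no other callback value is forwarded
	}
	return extra
}

// TokenRequestForm (hypothetical) builds the body of the PKCE token request.
func TokenRequestForm(callback *http.Request, clientID, redirectURI, verifier string) (url.Values, error) {
	code := callback.URL.Query().Get("code")
	if code == "" {
		return nil, fmt.Errorf("callback carries no authorization code")
	}
	form := url.Values{
		"grant_type":    {"authorization_code"},
		"code":          {code},
		"client_id":     {clientID},
		"redirect_uri":  {redirectURI},
		"code_verifier": {verifier}, // server-side value, never read from the callback
	}
	for k, v := range AccessTokenParams(callback) {
		form[k] = v
	}
	return form, nil
}

func main() { // constructed callback request; every value is made up
	cb := httptest.NewRequest("GET", "/callback?code=abc&state=xyz&device_id=dev-1", nil)
	form, _ := TokenRequestForm(cb, "client", "https://rp.example/cb", "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk")
	fmt.Println(form.Encode(), S256Challenge(form.Get("code_verifier")))
}
```

Because the helper copies only device_id, a callback query that also carries code_verifier or redirect_uri cannot replace the values the relying party chose for the exchange.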