Open ID Connect

[synotna]

Am I correct in understanding that Open ID Connect ( http://openid.net/connect/ ) is not supported yet?

[omab]

You are right, it's not supported yet.

[synotna]

Has any work already been done towards it, or do you have any idea how difficult it will be to implement with the existing structure?

[omab]

I have no idea, wasn't aware of this stuff until you pointed that, it's probably not very hard to implement, just need time to review and plan the work.

[synotna]

I've found only one other Python implementation so far, https://github.com/rohe/pyoidc

The other libraries seem to be in the same situation

Thanks!

[omab]

Checking the protocol definition and the the basic client implementation, it's really similar to OAuth2 backends but with the forced openid scope set, so I wonder if that's pretty much what we need to make it work.

Google already implements this protocol AFAIK, so this will be useful to test it:

SOCIAL_AUTH_GOOGLE_OAUTH2_SCOPE = ['openid']
SOCIAL_AUTH_GOOGLE_OAUTH2_EXTRA_DATA = ['id_token', 'refresh_token']

[synotna]

Google Open ID Connect is now working for me, and our in house open id once I configured it to use the Authorization header method

That is the preferred method by Google, https://developers.google.com/accounts/docs/OAuth2WebServer#callinganapi so maybe it is best to change the defaults?

Thanks for getting it working so quickly!

[synotna]

When will you push the update to pypi? :)

[omab]

I don't have a date yet, I need to work in the docs and update and comment about the backward incompatible changes.

[kakky]

I tried it.
https://gist.github.com/kakky/6809432

[clintonb]

I combined the work of @omab and @kakky to make an extendable OpenIdConnect consumer for a project I am working on: https://gist.github.com/clintonb/6ee13e39ca6cc5c56c49.

[omab]

Fix already merged.