Missing /.well-known/openid-configuration endpoint

• /.well-known/openid-configuration: there is no such endpoint (adding endpoint in frappe is /api/method/dot.path.to.function), as a workaround we either need to reverse proxy it on nginx and have some endpoint, or add code to frappe to allow such endpoint. or just add /api/method/frappe.integrations.oauth2.openid_configuration
• Frappe has OAuth 2.0 Provider only (PKCE not there from OAuth 2.1), It is not compliant with OIDC 1.0 spec.
• there is no client-credential grant.
• I had put id_token as a monkey patch, The py2 to py3 happened and that added b'' and it’s not tested in test_oauth20.py so nothing got noticed.
• https://github.com/frappe/frappe/blob/develop/frappe/integrations/oauth2.py this file has all the endpoints as well as the code that patches id_token to bearer_token, fix that if you need.
• you can change https://github.com/frappe/frappe/blob/develop/frappe/integrations/doctype/oauth_client/oauth_client.py for length of secret.

Do send PR and tag me if you change anything.

For more compliant OAuth2+OIDC use one of the following.

• My Project.
• Redhat’s Keycloak
• Gluu
• dex (extend any OAuth 2.0 provider with it)

Configure one of these as Social Login Key and the integration will be seamless. If you need tokens from Frappe OAuth 2.0 provider for making user requests, they will also be issued even after logging in with social login key.

OK. My opinion here is that the OAuth endpoints are pretty much broken. There seems to be too many elements missing or their implementation is counter-productive to its usage:

• The client secret is 10 characters long, and cannot be edited. M$ is requiring a min. of 16 characters)
• IAT claim is missing from the JWT

I have not gotten further, but I need to put further work on this on-hold until I can get further along.