Wrong error issued with OpenID Connect security schema
An OpenID Connect schema does require only two fields:

    securitySchemes:
      OpenIdC:
        type: openIdConnect
        openIdConnectUrl: http://172.17.0.2:8080/.well-known/openid-configuration

Then in a Path we need to refer to a security schema using the security tag:

    security:
      - OpenIdC:
          - admin    <------ error issued here

But the editor is wrongly issuing an error as if the schema were oAuth2: "admin" does not match any scope name defined in the OpenIdC security scheme.
Top GitHub Comments
@tedepstein, for me, actually just not throwing an error when not providing a scope is OK for now.
But as I'm moving my application to OID, I investigated many OpenID Connect standard providers and all of them use the /.well-known/openid-configuration
For example, take a look at the path provided by MS Azure: https://login.windows.net/common/.well-known/openid-configuration
and for Google: https://accounts.google.com/.well-known/openid-configuration

@cvgaviao, sorry for the delay. I have opened an issue here to get some clarification on the spec:
These other open issues suggest that OpenAPI may still be trying to figure out how to model the complex relationship between OIDC and OAuth, and the meaning of the scopes array in Security Requirements Object:
Maybe we’ll see some refinements to this in future versions of the OpenAPI spec.
In the meantime, I think the safe thing to do is to limit the validation to apply only to security requirements for oauth2-typed security schemes. We will try to get this fix into the next patch release.
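
The narrowed check proposed in the last comment, sketched as an added example (not code from the editor or the OpenAPI project): scope names in a Security Requirement are compared against declared scopes only when the referenced scheme is of type oauth2. The function names and the sample document, including the `OAuth` scheme, the `idp.example` token URL and the `/items` and `/misc` paths, are constructed for illustration.

```python
# Added illustration: scope validation limited to oauth2-typed security schemes.
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed sample: an OpenAPI 3.0 document already parsed into a dict.
SAMPLE = {
    "components": {"securitySchemes": {
        "OpenIdC": {"type": "openIdConnect",
                    "openIdConnectUrl": "http://172.17.0.2:8080/.well-known/openid-configuration"},
        "OAuth": {"type": "oauth2", "flows": {"clientCredentials": {
            "tokenUrl": "https://idp.example/token",
            "scopes": {"read": "read access"}}}},
    }},
    "paths": {
        "/admin": {"get": {"security": [{"OpenIdC": ["admin"]}]}},
        "/items": {"get": {"security": [{"OAuth": ["read", "write"]}]}},
        "/misc": {"get": {"security": [{"Missing": []}]}},
    },
}

def oauth2_scopes(scheme):
    """Union of scope names declared across all flows of an oauth2 scheme."""
    return {s for flow in scheme.get("flows", {}).values() for s in flow.get("scopes", {})}

def iter_requirements(doc):
    """Yield (location, requirement) for root-level and per-operation security."""
    for req in doc.get("security", []):
        yield "#/security", req
    for path, item in doc.get("paths", {}).items():
        for method, op in item.items():
            if method in HTTP_METHODS:
                for req in op.get("security", []):
                    yield f"{method.upper()} {path}", req

def validate_security(doc):
    """Return error strings; scope names are checked only for oauth2 schemes."""
    schemes = doc.get("components", {}).get("securitySchemes", {})
    errors = []
    for where, req in iter_requirements(doc):
        for name, scopes in req.items():
            scheme = schemes.get(name)
            if scheme is None:
                errors.append(f"{where}: security scheme {name!r} is not defined")
            elif scheme.get("type") == "oauth2":
                # Only oauth2 schemes declare their scopes in the document itself.
                for scope in sorted(set(scopes) - oauth2_scopes(scheme)):
                    errors.append(f"{where}: {scope!r} does not match any scope "
                                  f"name defined in the {name} security scheme")
            # openIdConnect (and other types): scope names are not validated here.
    return errors
```

With this rule the `admin` scope on the OpenIdC requirement passes, while an undeclared oauth2 scope and a reference to an undefined scheme are still reported.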