The OpenID Connect specifies that all providers must return a JSON
discovery document [1] in a well-known location. We can let the user
pass this document instead of the individual endpoints (i.e. token and
authorization endpoint). Moreover, we can also check if the requested
grant_type (implicit to the used plugin, and one of client_credentials,
password, authorization_code) is supported by the provider before
starting the auth flow.
Reviewed: https:/ /review. openstack. org/330464 /git.openstack. org/cgit/ openstack/ keystoneauth/ commit/ ?id=00746ea636f 8cece848644100b 5a340d062b61f4
Committed: https:/
Submitter: Jenkins
Branch: master
commit 00746ea636f8cec e848644100b5a34 0d062b61f4
Author: Alvaro Lopez Garcia <email address hidden>
Date: Thu Jun 16 10:33:52 2016 +0200
oidc: add discovery document support
The OpenID Connect specifies that all providers must return a JSON
discovery document [1] in a well-known location. We can let the user
pass this document instead of the individual endpoints (i.e. token and
authorization endpoint). Moreover, we can also check if the requested
grant_type (implicit to the used plugin, and one of client_credentials,
password, authorization_code) is supported by the provider before
starting the auth flow.
[1] https:/ /openid. net/specs/ openid- connect- discovery- 1_0.html# ProviderMetadat a
Fixes-bug: #1583682 f45552c0ab5541d 92122d1d560
Change-Id: I24b7960b25ddcf