[mitreid-connect] openid connect with google
Justin Richer
jricher at MIT.EDU
Fri Apr 11 19:25:59 EDT 2014
Len,
I haven't personally tried connecting the client to Google yet, but I
know that Google's implementation is out of spec on one thing: their
issuer URL isn't a fully qualified URL, but rather just a hostname. They
pushed the capability with that bug before the bug was caught, and now
they're a little bit stuck with it until they can figure out how to
transition people to the "right" version.
I haven't tried this myself and I'm not sure if this will work, but you
can try this:
You could use a static issuer service and just point it at the Google
issuer, "accounts.google.com", because I don't think that they do
webfinger yet. You'd then need a static server configuration that
includes the values in the openid-configuration document listed below,
because the dynamic server configuration class won't be able to make a
full URL out of Google's out-of-spec issuer string. Next, you'll need a
client configuration, and I'm not sure if Google supports dynamic
registration or not, but I don't think they do so you might need to
register a client with google and set up a static client configuration
bean as well. Wire all of those into your client's RP and try it out.
-- Justin
On 4/11/2014 7:17 PM, Len Takeuchi wrote:
>
> Hello,
>
> I'm trying to use mitreid-connect to openid connect with google. In
> google documentation
> (https://developers.google.com/accounts/docs/OAuth2Login#discovery),
> they specify that there is a specific URL to get the discovery document:
>
> https://accounts.google.com/.well-known/openid-configuration
>
> I'm trying work out what issuer service implementation I should use.
> Is it the webfinger issuer service that I should use and the
> identifier would be "accounts.google.com" or does google having a
> specific url to get the discovery document not fit with any of the
> issue service implementation?
>
> Regards,
>
> Len
>
>
>
> _______________________________________________
> mitreid-connect mailing list
> mitreid-connect at mit.edu
> http://mailman.mit.edu/mailman/listinfo/mitreid-connect
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/mitreid-connect/attachments/20140411/a0f3bf32/attachment.htm
More information about the mitreid-connect
mailing list