[mitreid-connect] openid connect with google

Justin Richer jricher at MIT.EDU
Fri Apr 11 19:25:59 EDT 2014


Len,

I haven't personally tried connecting the client to Google yet, but I 
know that Google's implementation is out of spec on one thing: their 
issuer URL isn't a fully qualified URL, but rather just a hostname. They 
pushed the capability with that bug before the bug was caught, and now 
they're a little bit stuck with it until they can figure out how to 
transition people to the "right" version.

I haven't tried this myself and I'm not sure if this will work, but you 
can try this:

You could use a static issuer service and just point it at the Google 
issuer, "accounts.google.com", because I don't think that they do 
webfinger yet. You'd then need a static server configuration that 
includes the values in the openid-configuration document listed below, 
because the dynamic server configuration class won't be able to make a 
full URL out of Google's out-of-spec issuer string. Next, you'll need a 
client configuration, and I'm not sure if Google supports dynamic 
registration or not, but I don't think they do, so you might need to 
register a client with Google and set up a static client configuration 
bean as well. Wire all of those into your client's RP and try it out.

  -- Justin

On 4/11/2014 7:17 PM, Len Takeuchi wrote:
>
> Hello,
>
> I'm trying to use mitreid-connect to OpenID Connect with Google. In 
> Google documentation 
> (https://developers.google.com/accounts/docs/OAuth2Login#discovery), 
> they specify that there is a specific URL to get the discovery document:
>
> https://accounts.google.com/.well-known/openid-configuration
>
> I'm trying to work out what issuer service implementation I should use. 
> Is it the webfinger issuer service that I should use and the 
> identifier would be "accounts.google.com", or does Google having a 
> specific URL to get the discovery document not fit with any of the 
> issuer service implementations?
>
> Regards,
>
> Len

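The issuer problem described in this message, as an added example that is not part of the original post and is not MITREid Connect code: a bare-hostname issuer cannot be turned into a discovery URL, so the relying party falls back to static configuration and compares the ID token's `iss` claim to the configured string exactly. The function names and the `op.example` endpoint values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

# Constructed static configuration, keyed by the exact issuer string.
# The op.example endpoints are placeholders: copy the real values from the
# provider's openid-configuration document.
STATIC_SERVERS = {
    "accounts.google.com": {
        "issuer": "accounts.google.com",
        "authorization_endpoint": "https://op.example/authorize",
        "token_endpoint": "https://op.example/token",
        "jwks_uri": "https://op.example/jwks",
    },
}


def discovery_url(issuer):
    """Build the discovery URL as OpenID Connect Discovery defines it.

    The issuer must be an https URL without query or fragment, so a bare
    hostname cannot be turned into a discovery URL and is rejected.
    """
    parts = urlsplit(issuer)
    if parts.scheme != "https" or not parts.netloc or parts.query or parts.fragment:
        raise ValueError(f"issuer is not an https URL: {issuer!r}")
    return issuer.rstrip("/") + WELL_KNOWN


def resolve_server(issuer):
    """Use static configuration when present, otherwise dynamic discovery."""
    if issuer in STATIC_SERVERS:
        return "static", STATIC_SERVERS[issuer]
    return "dynamic", discovery_url(issuer)


def iss_matches(claims, server):
    """The ID token's iss claim must equal the configured issuer exactly.

    No scheme is added or stripped before comparing: normalising either
    side would accept tokens from an issuer that was never configured.
    """
    return claims.get("iss") == server["issuer"]
```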