Another really quick update…

I’ve just pushed a small but important fix to the Known OAuth2 server plugin, which means it will now properly work with third party apps.

I’m not entirely sure when I managed to break this, but anyhow, it works now!

Package, and Known core dependencies have been updated.

» Visit the project on Github...

Very quick update, as part of some paid Known development, I’ve made a few important updates to the Known OAuth2 client.

Essentially, this is to make it work better with non-OIDC (Open ID Connect) clients, and with those servers that don’t support Owner Info endpoints.

Folks following the GitHub HEAD release of Known should get this in their next composer update, but for other folks I’ll build a new unofficial release soon.

Have a great weekend folks!

» Visit the project on Github...

OpenID connect (OIDC) is a simple extension to the OAuth2 protocol, which lets a server include more information about the authenticated user (canonical ID, username, email, etc).

At the very simple level, this lets you quickly populate a new user account without making additional requests. However, since these ID tokens are signed, it lets you do a whole lot more.

For example, you can pass these tokens around when making API requests in a modern micro service environment – each micro service will be able to securely authenticate the user that is making the request independently.

Known has had OAuth support (client and server) for a while now, but recently I’ve extended both to support OIDC.

The client will validate and use OIDC tokens when authenticating against a server, and the Known OAuth server will now generate OIDC tokens for users authenticating against a Known OAuth2 application.

Requesting OIDC from the client

OIDC tokens are not automatically provided, so you need to request them. Do this by adding openid to your list of scopes. I also suggest you add email and profile to your scopes too, so you get some actually useful information about the authenticating user.

You’ll also need to provide a URL for where to get the public key for the issuing server. This isn’t terribly slick, but I intend to improve this going forward with some nice auto discovery.

» Visit the project on Github...

Issuing OIDC from the server

All new applications will have the necessary information to start issuing OIDC tokens.

A new key pair will automatically be generated, and you’ll be able to get public key information from:

https://mysite.com/oauth2/CLIENTID/key/

» Visit the project on Github...