Use token-endpoint instead of issuer for oauth2 authorization #136

@c-thiel

Describe the problem you'd like to have solved

Some IdPs do not use /oauth/token as a suffix for an oauth2 (not oauth!) token exchange.
Entra ID, for example, uses /oauth2/v2.0/token, even though the old /oauth/token endpoint is still supported for backwards compatibility.

We currently cannot specify these endpoints, as the suffix is hard-coded:

token_url = f"https://{configuration.api_issuer}/oauth/token"

Describe the ideal solution

Use either a /.well-known/openid-configuration to determine the token endpoint, or, maybe easier, allow users to specify the token endpoint directly (without suffixing it in the code snippet above).

Alternatives and current workarounds

Switch IdP - bad idea :)

References

No response

Additional context

No response
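
A sketch of both options proposed in the issue, explicit token endpoint and `/.well-known/openid-configuration` discovery, with the hard-coded suffix kept as the default. This is an added example, not the project's code: `resolve_token_endpoint`, its `token_endpoint`, `discover` and `fetch` parameters are hypothetical names, and the metadata document and tenant id are constructed.

```python
import json
from urllib.parse import urlsplit
from urllib.request import urlopen


def _require_https(url: str) -> str:
    # Client credentials are posted here, so refuse anything but absolute https.
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"token endpoint must be an absolute https URL: {url!r}")
    return url


def _fetch_json(url: str) -> dict:
    # Default network fetcher; offline runs and tests inject their own.
    with urlopen(url, timeout=10) as resp:
        return json.load(resp)


def resolve_token_endpoint(api_issuer, token_endpoint=None, discover=False,
                           fetch=_fetch_json):
    """Order: explicit endpoint, then discovery, then the legacy suffix."""
    base = f"https://{api_issuer}".rstrip("/")
    if token_endpoint:
        return _require_https(token_endpoint)
    if discover:
        doc = fetch(f"{base}/.well-known/openid-configuration")
        # The metadata must name the issuer that was configured; otherwise a
        # wrong or tampered document could redirect the client secret.
        if str(doc.get("issuer", "")).rstrip("/") != base:
            raise ValueError("discovery document issuer does not match api_issuer")
        return _require_https(str(doc.get("token_endpoint", "")))
    return f"{base}/oauth/token"  # current hard-coded behaviour


# Constructed sample metadata in the shape of an Entra ID v2.0 document.
TENANT = "00000000-0000-0000-0000-000000000000"  # placeholder tenant id
SAMPLE = {
    "issuer": f"https://login.microsoftonline.com/{TENANT}/v2.0",
    "token_endpoint": f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/token",
}

if __name__ == "__main__":
    print(resolve_token_endpoint(f"login.microsoftonline.com/{TENANT}/v2.0",
                                 discover=True, fetch=lambda url: SAMPLE))
```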
