Oidc

[gedw99]

zitadel/zitadel-go#236

I suggested your repo as a basis / example.

Maybe you also interested in a generic oidc / oath system based on htmx.

Zitadel also supports passkeys and other fancy stuff

[Darkness4]

I'm familiar with OIDC, especially since I use one (Keycloak) in my company, but I'm a bit rusty. It seems that zitadel is something similar.

As I understand it, OIDC is an identity provider with OAuth2 capability. I can use the OAuth2 flow easily by parsing the discovery document (google example), and instead of calling the Github API to verify and retrieve user information, I can use the ID token, validate it by verifying a signature and certificates and retrieve user information using the OIDC-compliant scope.

While it seems interesting to extend the experiment to OIDC, it's a shame that Github doesn't support OIDC. I may extend the example with Google Auth, through.

Theorically, it looks like I must:

1. Change the scope of the login function and add openid profile email.
2. Remove any hard-coded value about authorizationURL, userURL etc... and use the discovery document.
3. Parse and verify the ID token in my getCurrentUser instead of calling the Github API.

To be fair, I should use the go-oidc package instead. And I should have used the package oauth2. Right now, the implementation is very "naive".

[Darkness4]

Support added with go-oidc and oauth2: 829a866