DockYard/openid_connect

New release

edgurgel3p opened this issue · 5 comments

Hey team first I would like to show gratitude for the work that has been done on this library specially for the rework done recently by the Firezone team (#50) as many issues were solved.

I've been using the current master branch and it has been working quite well but I would love to lock in a specific semver version etc. Is there any plan to release a new version on hex?

Thanks in advance

I also want to express gratitude for all this work. I think before a new release happens a lot of work needs to be done on documentation. I'm getting back into coding after a 2 year hiatus and am not exactly an expert on OIDC flows. I am happy to help, but would need someone else to take lead. I am resuming work on a multi-tenant Phoenix app that needs OIDC to be configurable per tenant. Thank you all for developing all of this in the open.

@edgurgel3p have you tried pinning the dependency on a specific git ref [1]?

@AndrewDryga I also noticed that the Firezone auth adapter for OpenIDConnect has PKCE support [2]. I think that would also be an amazing contribution to this library. How much work do you think it would be to update the docs based on your recent changes?

[1] https://hexdocs.pm/mix/1.12.3/Mix.Tasks.Deps.html#module-git-options-git
[2] https://github.com/firezone/firezone/blob/main/elixir/apps/domain/lib/domain/auth/adapters/openid_connect.ex#L62

@wtcross I ended up forking and I'm using a private hex org because I needed to use openid_connect as a dependency to another library and hex + git do not work together. You can't publish a library that depends on a git repo.

The PKCE question wasn't directed to me but from my perspective PKCE, state and nonce (ID token validation) is better done outside this library as it depends on how it's stored by the application. Ueberauth handles state as a cookie already for example.

Hello, thanks for the library. I would, also, like to know if there is a plan in releasing new version? The last version v0.2.2 on hex.pm still depends on old httpoison ~> 1.2 which many of the libraries I use no longer do, thus, blocking an upgrade of several apps...

Thanks

the eef has released their open openid connect library. I would suggest checking that out.

the eef has released their open openid connect library. I would suggest checking that out.

Oh, thank you very much for the info..