[All SDKs] OAuth token endpoint should be configurable and/or support oidc discovery

Question

[All SDKs] OAuth token endpoint should be configurable and/or support oidc discovery

le-yams opened this issue a year ago · 3 comments

Description

For clients using OAuth2 credentials, the token endpoint is currently hardcoded in all SDKs (with /oauth/token value).
Could it be possible to make it configurable? Or even better support oidc discovery?

I'm willing to contribute if that's something you would be interested in :)

Steps to take

Change the apiTokenIssuer field in the configuration to accept a full URL.
So:

`ApiTokenIssuer`	Endpoint SDK will hit
`issuer.fga.example`	`https://issuer.fga.example/oauth/token`
`https://issuer.fga.example`	`https://issuer.fga.example/oauth/token`
`https://issuer.fga.example:8080`	`https://issuer.fga.example:8080/oauth/token`
`issuer.fga.example/some_endpoint`	`https://issuer.fga.example/some_endpoint`
`https://issuer.fga.example/some_endpoint`	`https://issuer.fga.example/some_endpoint`
`https://issuer.fga.example:8080/some_endpoint`	`https://issuer.fga.example:8080/some_endpoint`

Of course, we'll need to do some of the validations to ensure e.g. users are passing fields with https or http (and not e.g. ftp) and that the full url is valid

Related Issues

.NET SDK issue: openfga/dotnet-sdk#30
(duplicate) #197

SDKs to be updated

Answer 1 · 2023-11-30T08:20:19.000Z

I opened the PR #240 for the Java SDK. I have prepared all other SDKs (go, js, dotnet and python) but I'll wait your review on this one before submitting them 😃.