phil/ezidam
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

openid: same sub for all clients

Browse source
This commit is contained in:
Philippe Loctaux 2023-03-22 19:11:38 +01:00
parent 2f32818a72
commit 228b86f5a3
1 changed files with 1 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

7
crates/openid/src/configuration.rs
View file

@ -24,12 +24,7 @@ pub fn configuration(base_url: &str) -> Result<Value, Error> {
JsonWebKeySetUrl::from_url(jwks_uri), JsonWebKeySetUrl::from_url(jwks_uri),
// Supported response types (flows). // Supported response types (flows).
crate::supported_response_types(), crate::supported_response_types(),
// For user privacy, the Pairwise subject identifier type is preferred. This prevents vec![CoreSubjectIdentifierType::Public],
// distinct relying parties (clients) from knowing whether their users represent the same
// real identities. This identifier type is only useful for relying parties that don't
// receive the 'email', 'profile' or other personally-identifying scopes.
// The Public subject identifier type is also supported.
vec![CoreSubjectIdentifierType::Pairwise],
vec![CoreJwsSigningAlgorithm::RsaSsaPssSha256], vec![CoreJwsSigningAlgorithm::RsaSsaPssSha256],
// OpenID Connect Providers may supply custom metadata by providing a struct that // OpenID Connect Providers may supply custom metadata by providing a struct that
// implements the AdditionalProviderMetadata trait. This requires manually using the // implements the AdditionalProviderMetadata trait. This requires manually using the