AppAuth-Android

Do not require subject_types_supported in discovery documents

Open kalinjul opened this issue 3 years ago • 0 comments

Feature Request

Motivation

We're experiencing issues with an identity provider that does not include subject_types_supported in its discovery document. This parameter is not used inside the AppAuth library (both Android and iOS) and thus a missing subject_types_supported field should not break functionality.

Description

The field is not used anywhere inside the library and it's even marked as a "SHOULD" requirement in some specs [1], so a missing subject_types_supported should not lead to an error while parsing the discovery document. The default is also specified:

public: It is the default if the provider has no subject_types_supported element in its discovery document.

However, the discovery spec itself marks the field as REQUIRED [2]. So while there is a mismatch in specs, a library that implements these specs should not fail when it does not even use the value that's in the field.

[1] https://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes

[2] https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata

Alternatives or Workarounds

Use manual configuration, which does not care about subject_types.

kalinjul, Dec 15 '22 15:12
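
As an added illustration (not code from the issue or from AppAuth), here is a Python sketch of the parsing policy the request describes: fields the client consumes stay mandatory, while an absent subject_types_supported falls back to the `public` default quoted from [1]. The names `parse_discovery`, `USED_FIELDS`, `UNUSED_DEFAULTS` and `DiscoveryError`, the `idp.example` URLs, and the choice to keep the issuer and https checks strict are assumptions of this example.

```python
import json
from urllib.parse import urlsplit

# Fields this hypothetical client actually consumes; absence is a hard error.
USED_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint")
# Fields the client never reads: a missing one gets its spec default instead.
UNUSED_DEFAULTS = {"subject_types_supported": ["public"]}

class DiscoveryError(ValueError):
    """Raised when the document lacks something the client relies on."""

def parse_discovery(raw, expected_issuer):
    """Parse a discovery document, strict only about what the client uses."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise DiscoveryError(f"not valid JSON: {exc}") from exc
    if not isinstance(doc, dict):
        raise DiscoveryError("discovery document must be a JSON object")

    for name in USED_FIELDS:
        value = doc.get(name)
        if not isinstance(value, str) or not value:
            raise DiscoveryError(f"missing or non-string field: {name}")
        parts = urlsplit(value)
        if parts.scheme != "https" or not parts.netloc:
            raise DiscoveryError(f"{name} must be an https URL")

    # Leniency never extends to the issuer: it must be the one we asked for.
    if doc["issuer"] != expected_issuer:
        raise DiscoveryError("issuer does not match the configured issuer")

    warnings = []
    for name, default in UNUSED_DEFAULTS.items():
        if name not in doc:
            doc[name] = list(default)
            warnings.append(f"{name} absent; assuming {default}")
    return doc, warnings

# Constructed sample: a provider that omits subject_types_supported.
SAMPLE = json.dumps({
    "issuer": "https://idp.example",
    "authorization_endpoint": "https://idp.example/authorize",
    "token_endpoint": "https://idp.example/token",
})

if __name__ == "__main__":
    print(parse_discovery(SAMPLE, "https://idp.example"))
```

Returning the warnings rather than discarding them lets the caller log which provider metadata was defaulted.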