Pairwise ID relies on sector_identifier_uri in auth request #206
Comments
Considering satosa-oidcop, I'd suggest to continue working on this branch https://github.com/UniversitaDellaCalabria/SATOSA-oidcop/tree/idpy-oidc and complete the migration to idpy-oidc.
Sorry, I may be lost in the different projects ... what is the difference between IdentityPython/oidc-op and IdentityPython/idpy-oidc?
IdentityPython/oidc-op is not maintained anymore, developers' efforts are moved to idpy-oidc. satosa-oidcop has to switch to idpy-oidc.
Thanks! So idpy-oidc is a rewrite of oidc-op - or a replacement that started as a new project? And where does pyop fit into that picture? Cheers,
A rewrite. pyop is dead. We need you, please join in the dev team!
Hi,
This is partly related to UniversitaDellaCalabria/SATOSA-oidcop#20 and UniversitaDellaCalabria/SATOSA-oidcop#21 (which give some more context).
When trying to use `pairwise` `sub_type` with oidcop, I was getting the same `sub` values for both `public` and `pairwise` types - and realised it was because `sector_identifier` being passed by `create_grant` to the sub functions was an empty string.
And I found it's populated with `auth_req.get("sector_identifier_uri", "")`.
I managed to set it by explicitly including it as an extra parameter in the Authn request with:
... but this uncovers several issues:
I believe this could be addressed by extending the interface of `create_grant` and `create_session` to also take a `sector_identifier` attribute - which would be populated from the client registration database available in the code making these calls (such as OidcOpFrontend).
Thanks a lot in advance for considering this.
Cheers,
Vlad
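The proposal in the issue above, sketched as an added example (not code from oidcop, idpy-oidc or SATOSA-oidcop): the sector identifier is resolved from the registered client metadata following OIDC Core section 8.1, and the auth request is never consulted. The hash layout, `SALT`, `CLIENT_DB` and all function names are assumptions made for illustration.

```python
import hashlib
from urllib.parse import urlsplit

SALT = "constructed-salt"  # constructed value; a real OP keeps its salt secret

def public_sub(uid, salt=SALT):
    # Assumed layout: hash of local user id plus salt.
    return hashlib.sha256(f"{uid}{salt}".encode()).hexdigest()

def pairwise_sub(uid, sector_identifier, salt=SALT):
    # Assumed layout: same hash with the sector identifier mixed in.
    # An empty sector identifier therefore collapses to public_sub().
    return hashlib.sha256(f"{uid}{sector_identifier}{salt}".encode()).hexdigest()

def sector_identifier_for(client):
    """Resolve the sector identifier from registered metadata only."""
    uri = client.get("sector_identifier_uri")
    if uri:
        return urlsplit(uri).hostname
    # Fallback per OIDC Core 8.1: host of the registered redirect_uris,
    # which must all share one host when no sector_identifier_uri is set.
    hosts = {urlsplit(u).hostname for u in client.get("redirect_uris", [])}
    if len(hosts) != 1:
        raise ValueError("pairwise client must register sector_identifier_uri")
    return hosts.pop()

def sub_for(uid, client_id, client_db):
    """Pick the sub for a user/client pair; auth request params are not used."""
    client = client_db[client_id]
    if client.get("subject_type", "public") == "pairwise":
        return pairwise_sub(uid, sector_identifier_for(client))
    return public_sub(uid)

# Constructed client registration database.
CLIENT_DB = {
    "rp-a": {"subject_type": "pairwise",
             "redirect_uris": ["https://a.example.org/cb"]},
    "rp-b": {"subject_type": "pairwise",
             "redirect_uris": ["https://b.example.org/cb"]},
    "rp-a2": {"subject_type": "pairwise",
              "sector_identifier_uri": "https://a.example.org/sector.json",
              "redirect_uris": ["https://app1.example.net/cb",
                                "https://app2.example.net/cb"]},
    "rp-bad": {"subject_type": "pairwise",
               "redirect_uris": ["https://x.example.org/cb",
                                 "https://y.example.org/cb"]},
    "rp-pub": {"subject_type": "public",
               "redirect_uris": ["https://p.example.org/cb"]},
}
```

With this layout, `pairwise_sub("alice", "")` equals `public_sub("alice")`, which matches the symptom reported in the issue, while `rp-a` and `rp-a2` share one sub because they resolve to the same sector host.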