Public bug reported:

The documentation for setting up OIDC says to use id_token in
OIDCResponseType instead of code (or omitting the line entirely since
code is the default).

https://docs.openstack.org/keystone/latest/admin/federation/configure_federation.html#configuring-apache-httpd-for-mod-auth-openidc

Using implicit grant is not recommended as
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-09

What is recommended is Authorization Code with PKCE.

** Affects: keystone
     Importance: Undecided
         Status: Triaged


** Tags: documentation federation

https://bugs.launchpad.net/bugs/2027729

Title:
  Federation docs for OIDC recommend implicit grant

Status in OpenStack Identity (keystone):
  Triaged
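
The check below is an added example, not part of the bug report or of keystone's documentation: it audits an Apache fragment for the `OIDCResponseType` value the report objects to and for an explicit `OIDCPKCEMethod S256`. Both fragments are constructed samples, and treating a missing `OIDCPKCEMethod` line as a finding is an assumption of this example.

```python
import shlex

# Constructed sample: a fragment using the response type the report says the docs recommend.
DOCUMENTED = '''
OIDCClientID keystone-client
OIDCResponseType id_token
OIDCScope "openid email profile"
'''

# Constructed sample: authorization code flow with PKCE, as the report recommends.
RECOMMENDED = '''
OIDCClientID keystone-client
OIDCResponseType code
OIDCPKCEMethod S256
OIDCScope "openid email profile"
'''

def directives(conf):
    """Return {lowercased directive: [args]}; the last occurrence wins."""
    found = {}
    for line in conf.splitlines():
        line = line.strip()
        # Skip blanks, comments and section tags such as <Location ...>.
        if not line or line.startswith("#") or line.startswith("<"):
            continue
        parts = shlex.split(line)  # handles quoted values like "id_token token"
        found[parts[0].lower()] = parts[1:]  # directive names are case-insensitive
    return found

def audit(conf):
    """Return findings about the OIDC flow this fragment selects."""
    d = directives(conf)
    findings = []
    # Per the report, "code" is the default when the line is omitted.
    types = " ".join(d.get("oidcresponsetype") or ["code"]).split()
    if "code" not in types:
        findings.append("implicit grant: OIDCResponseType is '%s'" % " ".join(types))
    else:
        # Assumption of this example: PKCE must be pinned to S256 explicitly.
        pkce = (d.get("oidcpkcemethod") or [""])[0]
        if pkce.lower() != "s256":
            findings.append("PKCE with S256 is not explicitly configured")
    return findings

if __name__ == "__main__":
    for name, conf in (("documented", DOCUMENTED), ("recommended", RECOMMENDED)):
        print(name, audit(conf) or "ok")
```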

