OpenID Connect Configuration for Facebook

Google has implemented the OpenID Discovery Spec at https://accounts.google.com/.well-known/openid-configuration, which allows developers and users to find the necessary URLs and keys for OpenID authentication.

I was wondering what the Facebook and maybe other (e.g. Microsoft Live) equivalents are, so I can use Facebook and others in a standard way.

Salesforce also has a discovery URL: https://login.salesforce.com/.well-known/openid-configuration

+6
3 answers

Facebook's login mechanism/protocol is not based on OpenID Connect. Facebook uses a proprietary OAuth 2.0 extension, but it is not the standardized one that OpenID Connect indicates. Therefore, it makes no sense to expect Facebook to publish OpenID Connect Discovery documents, unlike Google and Salesforce, which adhere to the standard.

+4

Here is the OpenID Connect discovery URL for Microsoft Azure AD:
https://login.windows.net/common/.well-known/openid-configuration

More info here.

+2

There is still a trace of some OpenIDs on Facebook:

    $ curl -i https://facebook.com/.well-known/openid-configuration
    HTTP/1.1 301 Moved Permanently
    Location: https://www.facebook.com/.well-known/openid-configuration
    Strict-Transport-Security: max-age=15552000; preload
    Vary: Accept-Encoding
    Cache-Control: public, max-age=2592000
    Content-Type: text/plain
    Server: proxygen
    Date: Fri, 20 May 2016 12:37:43 GMT
    Connection: keep-alive
    Content-Length: 0

But the redirect URL results in a big fat 404.

This URL is the only one I came across that sticks to the /.well-known/ standard. Google, Microsoft and Salesforce add either a subdomain or a subitem.

If the major players had the same URL format, we could implement OpenID Connect in a truly open way, without having to implement each individual OpenID Connect provider.

-2

Source: https://habr.com/ru/post/971323/

