Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(selfservice/strategy/oidc): add spotify provider #1985

Closed
wants to merge 2 commits into from
Closed

feat(selfservice/strategy/oidc): add spotify provider #1985

wants to merge 2 commits into from

Conversation

xkisu
Copy link
Contributor

@xkisu xkisu commented Nov 24, 2021
edited
Loading

This pull request adds a self-service OIDC provider for Spotify's accounts API and supporting documentation.

While Spotify makes it appear that they support OIDC and they provide a discovery URL, they do not actually support OpenID Connect. Any attempt to use an OIDC client with Spotify will result in errors from Spotify about the openid scope, which makes it incompatible with Kratos' "generic" provider as it understandably injects the openid scope into the list of scopes you configure it with.

This pull request adds a new provider to the OIDC strategy that creates a suitable oauth2 configuration for Spotify's nuances and then uses the Spotify API to retrieve the user's profile and account information.

Related issue(s)

Checklist

  • I have read the contributing guidelines.
  • I have referenced an issue containing the design document if my change
    introduces a new feature.
  • I am following the
    contributing code guidelines.
  • I have read the security policy.
  • I confirm that this pull request does not address a security
    vulnerability. If this pull request addresses a security. vulnerability, I
    confirm that I got green light (please contact
    [email protected]) from the maintainers to push
    the changes.
  • I have added tests that prove my fix is effective or that my feature
    works.
  • I have added or changed the documentation.

Further Comments

Originally I thought it would be possible to use the generic OIDC provider to interface with Spotify, but I quickly realized that their OpenID Connect implementation was not an actual implementation that was up to spec, and at best was very basic OAuth2.

Due to not being an actual OpenID Connect provider, the Spotify accounts API did not work directly with OIDC's generic provider because of the required openid scope not being supported by Spotify (despite Spotify indicating otherwise) and lacking claims in the response data due to an additional API call being required to retrieve the account information from Spotify.

aeneasr
aeneasr reviewed Nov 26, 2021
View reviewed changes
Copy link
Member

@aeneasr aeneasr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sweet! As far as I can tell this looks good to go for me :)

@xkisu
Copy link
Contributor Author

xkisu commented Nov 26, 2021

Sweet! As far as I can tell this looks good to go for me :)

Oh awesome! I'd left it as a draft while I was trying to figure out if I needed an issue with a design document for it or not

@xkisu xkisu marked this pull request as ready for review November 26, 2021 14:39
@xkisu xkisu requested a review from zepatrik as a code owner November 26, 2021 14:39
@aeneasr aeneasr mentioned this pull request Dec 6, 2021
Merged
7 tasks
@aeneasr aeneasr closed this in #2024 Dec 8, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aeneasr aeneasr aeneasr left review comments

@zepatrik zepatrik Awaiting requested review from zepatrik

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@xkisu @aeneasr