Req: metadata and id_token on OAUTH Token Response

Good Day All,

I’m currently trying to implement OAUTH authentication using the Apache module mod-auth-openidc.

I’d like to request two things:

  1. Metadata file - this would allow automatic configuration of endpoints, and as Twitch updates items, it would be simple to keep the metadata file updated - Google’s metadata file is found here ( https://accounts.google.com/.well-known/openid-configuration ) as an example.

  2. id_token parameter on result from token request. This appears to be a blocker for me, as the mod-auth-openidc requires it. The best documentation I can find regarding this is http://stackoverflow.com/questions/8311836/how-to-identify-a-google-oauth2-user/13016081#13016081 – It would allow basic user information without requiring a third request to get this information.

Thoughts? Comments?

Regards,
Jason “CoolAcid” K.

Twitch uses OAuth 2.0 not OpenID - they are two separate, not really compatible systems with different purposes.

Thanks - I’m very aware of the differences. Does not remove my original request as they both are related to adding an OAUTH 2.0 endpoint. Don’t get hung up on the file name.

From the stackoverflow link:

OpenID Connect is an authentication layer on top of OAuth2. When exchanging an authorization code at Google’s token endpoint, you get an access token (the access_token parameter) as well as an OpenID Connect ID token (the id_token parameter).

We do not currently support OpenID Connect, nor do we have any plans to.

Thanks @Fugiman for the response - Would it be possible to at least implement the id_token parameter from the token request? Thus, reducing an extra API call, and giving some support to existing authentication solutions.

I would not feel comfortable trying to fake support for OpenID Connect by providing an id_token that may or may not be what existing OpenID Connect integrations expect. If we’re going to try and support this use case, we should do it properly.
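The checks an OpenID Connect client applies to a token response, showing why a plain OAuth 2.0 response or a placeholder id_token is rejected. This is an added example, not part of the thread and not Twitch's or mod-auth-openidc's code. The issuer, client ID and token are constructed values, the function names are hypothetical, and signature verification is left out.

```python
import base64
import json
import time

REQUIRED_CLAIMS = ("iss", "sub", "aud", "exp", "iat")  # required ID Token claims

def b64url_encode_json(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode_json(segment):
    padded = segment + "=" * (-len(segment) % 4)  # JWTs strip base64 padding
    return json.loads(base64.urlsafe_b64decode(padded))

def check_token_response(response, issuer, client_id, now=None):
    """Return the problems a relying party would find; an empty list means the
    claims are acceptable. The JWS signature is NOT verified here; a real client
    must also verify it against the provider's published keys."""
    now = time.time() if now is None else now
    if "id_token" not in response:
        return ["no id_token in token response (plain OAuth 2.0)"]
    parts = response["id_token"].split(".")
    if len(parts) != 3:
        return ["id_token is not a three-part compact JWS"]
    try:
        header, claims = (b64url_decode_json(p) for p in parts[:2])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["id_token header or payload is not base64url-encoded JSON"]
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return ["id_token header or payload is not a JSON object"]
    problems = [f"missing claim: {c}" for c in REQUIRED_CLAIMS if c not in claims]
    if header.get("alg", "none") == "none":  # this example rejects unsigned tokens
        problems.append("id_token is unsigned (alg=none)")
    if claims.get("iss") != issuer:
        problems.append("iss does not match the expected issuer")
    aud = claims.get("aud")  # may be a single string or a list of strings
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not contain this client_id")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("id_token is expired or exp is not a number")
    return problems

# Constructed sample values (not from Twitch or any real provider).
ISSUER, CLIENT_ID, NOW = "https://id.example.test", "example-client", 1_700_000_000
_claims = {"iss": ISSUER, "sub": "12345", "aud": CLIENT_ID, "exp": NOW + 300, "iat": NOW}
_jws = ".".join([b64url_encode_json({"alg": "RS256"}), b64url_encode_json(_claims), "c2ln"])
OIDC_RESPONSE = {"access_token": "constructed", "token_type": "bearer", "id_token": _jws}
OAUTH_ONLY_RESPONSE = {"access_token": "constructed", "token_type": "bearer"}
```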
