Hello everyone! I am trying to use GitHub as OIDC ...
# ory-selfhosting
t
Hello everyone! I am trying to use GitHub as OIDC provider. Docs and code suggest that for OIDC of generic type (I know there is the `github` and `github-app` provider but I need to use generic provider) the issuer url is not required if `auth_url` and `token_url` are set. This makes sense, especially if a provider does not support connection discovery. If the above assumption is correct, I think there is a bug in kratos since it will always try to read the issuer url in the generic provider: https://github.com/ory/kratos/blob/eb67bed1f26d2c7ff10e5481b679b2213b44676d/selfservice/strategy/oidc/provider_generic_oidc.go#L52 I haven't dived into the codebase much, but can someone ack or nack this?
s
Why do you want to use the generic provider? As you said, there are the dedicated providers, and you should use those instead. The providers that are explicitly implemented are generally diverging from the OIDC spec in some way, so that it is necessary to have a dedicated implementation for them.
t
The provider I am trying to implement OIDC against does not have a free trial and I wanted to create a small POC with kratos generic provider to see it's actually working and how to set it up to have it integrate correctly. I just happened to use GitHub as my provider of choice. But if the custom implementations do exist because of them not following the spec, it makes sense it is not working.
s
Ory Hydra can be used with the generic provider, you can quite easily set it up on https://console.ory.sh for free with UI and everything
t
Thanks! I will try 🙂
Works! Thanks!