# talk-kratos
w
Hello, we're integrating Kratos with a third party generic OAuth2 provider, however, said provider doesn't implement OpenID. Is there a way to still use it? Looking at Kratos' source code, I can see that it uses a library for OpenID which tries to query `.well-known/openid-configuration`, which fails in our use case (because it returns 404).
p
Hi @wooden-knife-21216, if the third party provider implements OAuth2.0 then I think there is a way to add the provider to Kratos. But it will require some code.
w
I'm listening 😄
p
I believe there is an example of this for the GitLab provider, and it requires some manual HTTP requests to get the claims since it isn't an OpenID compatible provider. https://github.com/ory/kratos/blob/47799098b35ea1cf5a1163f57d872a5bb2242d97/selfservice/strategy/oidc/provider_gitlab.go#L1-L105
You can implement your provider similarly and add it to Kratos.
w
would this require our company forking Kratos and using our fork instead?
we're not really looking into contributing the changes back to upstream, as it's a private oauth provider
p
then yes, you would need to fork it and run the fork.
w
right, I see
p
the other option is to get the third party provider to be OpenID compatible 🙂
w
yup, was about to ask
is it complicated to be openid compatible if you're already oauth2 compatible?
from what I understand, there's the /.well-known/openid-configuration endpoint
not sure what else
p
Well, OpenID is just a small layer on top of OAuth2.0, but how much work that would be would be dependent on the third party's current implementation. It might be profitable to look into using Ory Hydra for that instead if it would take too long to change the implementation to make it OpenID compatible. But that's up to the third party, I guess 🙂
w
right, I see, thanks
to be precise, are we talking about OpenID or OpenID Connect?
from what I understood, they are 2 slightly different things
p
OpenID Connect