Is your feature request related to a problem? Please describe.
My work is using AWS Cognito, and we have a large number of client IDs / audiences / app IDs. Imagine a business with large business customers that ended up having their own client IDs.
For OTEL, we do not care what the audience is, we just want requests to be authenticated with the user pool.
Describe the solution you'd like
go-oidc has a SkipClientIdCheck property that we would like to use through the collector.
Describe alternatives you've considered
The alternative with the collector at the moment seems like listening on a different port for each audience. The application would need to know which audience it was in, and which port to send to. This is not very feasible.
Or another alternative is not using the oidc extension and handling oidc authentication with like a reverse proxy or something before the collector.
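The audience decision requested above, as an added example that is not part of the original issue and is not code from the collector or go-oidc. `Policy`, `Check`, the issuer URL and the client IDs are hypothetical, and the token's signature and expiry are assumed to be verified before `Check` runs. It goes one step beyond the request by showing an audience allow-list next to the skip flag; the issuer check stays mandatory in both modes.

```go
package main

import "encoding/json"
import "fmt"

type audience []string // "aud" may be a string or an array (RFC 7519)

func (a *audience) UnmarshalJSON(b []byte) error {
	var one string
	if json.Unmarshal(b, &one) != nil {
		return json.Unmarshal(b, (*[]string)(a))
	}
	*a = audience{one}
	return nil
}

// Policy is hypothetical (not the extension's schema); signature is verified upstream.
type Policy struct {
	Issuer       string   // always enforced
	Audiences    []string // accepted client IDs
	SkipAudience bool     // accept any audience issued by Issuer
}

func (p Policy) Check(payload []byte) error {
	var c struct {
		Iss string   `json:"iss"`
		Aud audience `json:"aud"`
	}
	if err := json.Unmarshal(payload, &c); err != nil {
		return err
	}
	if c.Iss != p.Issuer {
		return fmt.Errorf("issuer %q not trusted", c.Iss)
	}
	ok := p.SkipAudience
	for _, got := range c.Aud {
		for _, want := range p.Audiences {
			ok = ok || got == want
		}
	}
	if !ok {
		return fmt.Errorf("audience %v not accepted", c.Aud)
	}
	return nil
}

func main() { // constructed payload: a client ID the policy does not list
	fmt.Println(Policy{Issuer: "https://idp.example/pool", SkipAudience: true}.Check([]byte(`{"iss":"https://idp.example/pool","aud":"client-b"}`)))
}
```

With `SkipAudience` set, a token minted for any client of the issuer is accepted, so the issuer becomes the only trust boundary.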
zeck-ops changed the title from "[extension/oidcauthextension] oidc extension skip client id check" to "[extension/oidcauthextension] Fixes oidc extension skip client id check" on Nov 27, 2024
Component(s)
extension/oidcauthextension