
Remove OIDC, use OAuth + PKCE with attributes endpoint #5

Open
antspriggs wants to merge 2 commits into master from remove-oidc-use-oauth-pkce


@antspriggs
Contributor

Summary

  • Remove all OIDC/OpenID Connect code paths and simplify the SDK to exclusively use OAuth 2.0 Authorization Code with PKCE
  • Use the /api/public/v3/attributes.json endpoint as the sole user data source (drop /api/public/v3/userinfo)
  • Delete 10 files (IDmeAuthMode, OIDCDiscovery, UserInfo, JWTValidator, JWKSClient, RSAKeyConverter, JWKS, NonceGenerator, and associated tests)
  • Simplify IDmeAuth, configuration, credentials, error types, auth requests, and the demo app
  • Rewrite README as a 6-step customer integration guide with demo app references

Test plan

  • swift build succeeds
  • swift test passes (59 tests)
  • Demo app builds, installs, and launches on iOS Simulator
  • Verify login flow works end-to-end in the demo app
  • Verify attributes are fetched and displayed correctly after login

🤖 Generated with Claude Code

…point

Drop all OIDC/OpenID Connect code paths and simplify the SDK to only use
OAuth 2.0 Authorization Code with PKCE. The attributes endpoint
(/api/public/v3/attributes.json) is now the sole user data source.

Deleted:
- IDmeAuthMode enum (oauth/oauthPKCE/oidc)
- OIDC models: OIDCDiscovery, UserInfo
- JWT validation: JWTValidator, JWKSClient, RSAKeyConverter, JWKS, NonceGenerator
- Associated test files

Simplified:
- IDmeAuth: removed jwksFetcher, userInfo(), ID token validation, auth mode branching
- IDmeConfiguration: removed authMode parameter
- Credentials/TokenResponse: removed idToken field
- AuthorizationRequest/GroupsRequest: always use PKCE, no nonce
- IDmeScope: removed openid/profile/email scopes
- IDmeEnvironment: removed discoveryURL/jwksURL
- IDmeAuthError: removed OIDC-specific error cases
- Demo app: removed auth mode picker, OIDC display branches
- README: rewritten as 6-step integration guide with demo app references

Co-Authored-By: Claude Opus 4.6 <[email protected]>
@antspriggs antspriggs requested review from a team as code owners March 6, 2026 13:14
@service-idme-github

service-idme-github commented Mar 6, 2026

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Code Security 0 0 0 0 0 issues


@gitstream-cm

gitstream-cm bot commented Mar 6, 2026

gitStream Summary

Estimated Review Time: 10 min
Unresolved threads: 0


4 participants