OpenID Connect Configuration for Facebook

Google had implemented the OpenID Discovery Spec at https://accounts.google.com/.well-known/openid-configuration, which allows developers and users to find the necessary URLs and keys for OpenID authentication.

I was wondering what the Facebook and possibly other (e.g. Microsoft Live) equivalents are so I can use Facebook and others in a standard fashion.

Salesforce also has a discovery URL: https://login.salesforce.com/.well-known/openid-configuration


Facebook's login mechanism/protocol is not based on OpenID Connect. Facebook uses a proprietary extension of OAuth 2.0 but it is not the standardized one that OpenID Connect specifies. Hence there's no point in expecting Facebook to publish OpenID Connect Discovery documents, unlike Google and Salesforce that do adhere to the standard.


Here is the OpenID Connect Discovery URL for Microsoft Azure AD:
https://login.windows.net/common/.well-known/openid-configuration

More information here.


Facebook still has a trace of some OpenID:

$ curl -i https://facebook.com/.well-known/openid-configuration
HTTP/1.1 301 Moved Permanently
Location: https://www.facebook.com/.well-known/openid-configuration
Strict-Transport-Security: max-age=15552000; preload
Vary: Accept-Encoding
Cache-Control: public, max-age=2592000
Content-Type: text/plain
Server: proxygen
Date: Fri, 20 May 2016 12:37:43 GMT
Connection: keep-alive
Content-Length: 0

But the redirect URL leads to a big fat 404.

This URL, btw, is the only one I've come across that adheres to the /.well-known/ standard. Google, Microsoft and Salesforce add either a sub-domain or a sub-path.

If the big players had the same URL format, we could actually implement OpenID Connect in a truly open way, not having to implement every single OpenID Connect provider separately.
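
An added example, not part of the original thread: under OpenID Connect Discovery 1.0 the document lives at the issuer URL (which may include a path) plus `/.well-known/openid-configuration`, and a client should only trust the returned metadata if its `issuer` matches the one it asked for. The sample document and the `idp.example.test` issuer are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Metadata fields marked REQUIRED by OpenID Connect Discovery 1.0.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
WELL_KNOWN = "/.well-known/openid-configuration"

def discovery_url(issuer):
    """Issuer URL (which may carry a path) plus the well-known suffix."""
    p = urlsplit(issuer)
    if p.scheme != "https" or not p.netloc or p.query or p.fragment:
        raise ValueError(f"issuer must be https with no query/fragment: {issuer!r}")
    return issuer.rstrip("/") + WELL_KNOWN

def validate_metadata(expected_issuer, raw):
    """Parse a discovery document and reject it unless it is safe to use."""
    meta = json.loads(raw)
    if not isinstance(meta, dict):
        raise ValueError("discovery document is not a JSON object")
    missing = [k for k in REQUIRED if k not in meta]
    if missing:
        raise ValueError(f"missing required metadata: {missing}")
    # The issuer in the document must equal the issuer the URL was built from;
    # otherwise another party's endpoints and signing keys would be trusted.
    if meta["issuer"] != expected_issuer:
        raise ValueError(f"issuer mismatch: {meta['issuer']!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if key in meta and urlsplit(str(meta[key])).scheme != "https":
            raise ValueError(f"{key} is not an https URL")
    return meta

# Constructed sample document for a hypothetical provider.
SAMPLE = json.dumps({
    "issuer": "https://idp.example.test",
    "authorization_endpoint": "https://idp.example.test/authorize",
    "token_endpoint": "https://idp.example.test/token",
    "jwks_uri": "https://idp.example.test/keys",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
})

if __name__ == "__main__":
    # Issuers taken from the discovery URLs quoted in the thread.
    for iss in ("https://accounts.google.com", "https://login.windows.net/common"):
        print(discovery_url(iss))
    print(validate_metadata("https://idp.example.test", SAMPLE)["jwks_uri"])
```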
