I'm curious about the same site thing too. @aaronpk already dove into the protocol and found pretty vanilla OIDC impl with a ECDSA private_key_jwt authentication type.
So far there's no docs on what you can do with the access token. I suspect using it may require also including the client_secret which is a signed JWT, or who knows. Here's the working code: github.com/aaronpk/sign-in-w…
Not that I've been able to find! Also can't find their userinfo or introspection endpoints. I also had to guess their authorization endpoint because it's not in their docs.
Jun 3, 2019 · 11:29 PM UTC
1