Is your feature request related to a problem? Please describe.

When querying the Clients/Consent Sessions using pagination, ORY Hydra will only return results with some links, but not the total count of the items, which is useful to display in the frontend, you know, showing the total pages or something.

Describe the solution you'd like

Add the total_count parameter into Hea

#4353

Describe the feature

Ideally the documentation should mention all the datastore models required by the OpenID Connect flows. The current documentation has this section for OAuth2.0 (https://oauthlib.readthedocs.io/en/latest/oauth2/server.html#create-your-datastore-models) but it is missing for OIDC.

authlib contains pretty much all you need to implement JWT token validation. It would be nice if there was a simple default one provided. I'm not sure how many moving parts it would have. If no single validator would cover 80% of cases, maybe provide more docs on how to assemble one.

@lepture If you have a general idea of how you would like to see this implemented I would probably be able to do

Is your feature request related to a problem? Please describe.

I am trying to build an OpenID provider only, I do not really have any resources to which one would delegate access to. So I do not need OAuth provider, just OpenId provider. The issue is that currently documentation/example just says that OAuth handlers have to be registered before OpenId ones, but does not explain which are th

In the documentation, usage of example.com is not clear when it refers to the client app and where it refers to some third party service:

For example, if the web domain for your service is "service.example.com", then the reverse domain name form to use for a custom scheme would be "com.example.service". This is also, typically, the convention used for the package name of your app, e.g. "com.e

We get a lot of questions asking to vary behavior in the external user agent to support one use-case or another. This is all possible today without forking AppAuth (via OIDExternalUserAgent implementations), however it's not as well documented as it could be.

https://github.com/thomseddon/traefik-forward-auth/blob/master/internal/server.go#L52
https://github.com/thomseddon/traefik-forward-auth/blob/6ccd1c6dfc2f60a8b8942570bf6651b45e3b4a69/main.go#L22-L27

Currently when posting a form, an authentication request is being performed and the OIDCPreservePost option is enabled a (or actually a couple) blank screen is shown with the text "Redirecting...". This page gets shown relatively long. It would be great if this page could either take less long, be customizable so it fits in better with the rest of the site or be avoided all together.

Any tips

The DISCOVERY_DOCUMENT does not include the api login url for okta its juts creates a random /callback url which there is no documentation on configuring

Not all built-in actions are listed in action doc. Will there be an update? Below are actions found in type definition.

  export const REDIRECT_SUCCESS: string;
  export const USER_LOADED: string;
  export const SILENT_RENEW_ERROR: string;
  export const SESSION_TERMINATED: string;
  export const USER_EXPIRING: string;
  export const USER_FOUND: strin

Are there no docs for this gem other than the two sample apps' code?

I've looked at the READMEs and doc/ folder in this repo and the repo for the two sample apps, as well as the autogenerated library docs at rdoc.info, and I cannot find one scrap of documentation.

This is the only maintained gem that implements OpenID Connect that I can find, and the two demo apps prove that the gem works and is

Django doesn't guarantee a consistent ordering of models without an
explicit default ordering.

https://github.com/juanifioren/django-oidc-provider/blob/f0daed07b2ac7608565b80d4c80ccf04d8c416a8/oidc_provider/lib/utils/token.py#L158

Rotating RSA keys requires a consistent ordering, because the first key in the set of keys is always used for signing. Should we add a default ordering?

See ht

Add encryption support to access token as JWT.

In the library, the method CreateClient is used in several places in the code to create HttpClient.

I detected two problems:

1. This class implement IDisposable interface and Dispose method is never called.
2. The HttpClient class is designed to be created once and re-used throughtout the life of the application. Read remarks section in the Microsoft documentation [https://docs.microsoft.com/