openid connect authentication protocol in extranet network


I have a scenario where I have to use OpenID Connect in an extranet network. When an application initializes, it downloads the metadata document from .well-known/openid-configuration, for which it makes an HTTP GET request. In an extranet network with no internet connection, how can I get the OpenID Connect metadata document? Can OpenID Connect work without an internet connection?

Thank you!


Kavindu Dodanduwa

You do not require the internet to use OpenID Connect. When I use the term internet, I refer to the networks connecting general web sites, or the World Wide Web. The only requirement from the protocol is the ability to use HTTP (and TLS) for communication among the different roles (e.g. client, authorization server, resource server and end user).

You can use OpenID Connect inside an intranet. This network can be separated from the internet, and it is possible to connect multiple intranets through a VPN. Having a VPN will separate you from the internet but allow you to use HTTP communication.

So yes, it is possible to use OpenID Connect without the internet, but it requires a network configuration as mentioned above.

Pieter Ennes

If the client app cannot communicate with the outside world (but the user who wants to sign in to the app can), then you could:

  • hard-code the configuration values from the openid-configuration document in your app;
  • do the same for the crypto keys referred to by the jwks_uri;
  • use a response type (such as id_token) that does not require you to call the Token Endpoint from the app;
  • (decrypt and) verify the ID Token you receive from the user's redirect locally in the app using the above crypto keys.

You may run into problems if the OpenID Provider rotates crypto keys frequently or irregularly, as you will need an out-of-band mechanism to keep those updated.
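The four bullets above amount to one procedure: pin the configuration and the keys, take the ID token straight from the redirect (response_type=id_token), and verify it locally. The Go program below is an added example, not code from either answer: with the standard library only, it first stands in for the OpenID Provider to mint an RS256 ID token, then verifies that token the way the extranet app would, against a pinned key set and pinned issuer/client_id instead of fetching openid-configuration or jwks_uri. The issuer, client_id, kid values, nonce and claims are constructed for the demo; the provider-side signer is a stand-in, not a real OP. The last line of main shows the failure mode the answer warns about: the provider has rotated to a kid the app does not have pinned.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

const (
	pinnedIssuer   = "https://idp.example.internal" // hypothetical, copied out of band from openid-configuration
	pinnedClientID = "extranet-app"                 // hypothetical client_id registered with the provider
)

// jwk is the RSA subset of the jwks_uri document; the app pins a []jwk instead of fetching it.
type jwk struct {
	Kid string `json:"kid"`
	N   string `json:"n"`
	E   string `json:"e"`
}

// idTokenClaims are checked locally; aud is modelled as one string (the spec also allows an array).
type idTokenClaims struct {
	Iss   string `json:"iss"`
	Sub   string `json:"sub"`
	Aud   string `json:"aud"`
	Exp   int64  `json:"exp"`
	Nonce string `json:"nonce"`
}

var b64 = base64.RawURLEncoding

// JWKSFromPublicKey renders a provider public key as the key set the app pins.
func JWKSFromPublicKey(pub *rsa.PublicKey, kid string) []jwk {
	return []jwk{{Kid: kid, N: b64.EncodeToString(pub.N.Bytes()), E: b64.EncodeToString(big.NewInt(int64(pub.E)).Bytes())}}
}

// SignIDToken stands in for the OpenID Provider and mints an RS256 ID token (demo only).
func SignIDToken(priv *rsa.PrivateKey, kid string, c idTokenClaims) string {
	header, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	payload, _ := json.Marshal(c)
	input := b64.EncodeToString(header) + "." + b64.EncodeToString(payload)
	digest := sha256.Sum256([]byte(input))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:]) // cannot fail for a valid key
	return input + "." + b64.EncodeToString(sig)
}

// VerifyIDToken validates an ID token using only the pinned keys and constants, so the provider is
// never contacted. expectedNonce is the nonce the app put in the authentication request; now (Unix seconds) is injected so the expiry check is reproducible.
func VerifyIDToken(token string, keys []jwk, expectedNonce string, now int64) (*idTokenClaims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed JWT")
	}
	rawHeader, _ := b64.DecodeString(parts[0]) // decode errors surface below as a
	rawPayload, _ := b64.DecodeString(parts[1]) // rejected header or failed signature
	sig, _ := b64.DecodeString(parts[2])
	// Pin the algorithm: the token must not get to pick "none" or an HMAC alg (public key as shared secret).
	var header map[string]string
	if json.Unmarshal(rawHeader, &header) != nil || header["alg"] != "RS256" {
		return nil, fmt.Errorf("header rejected: alg must be RS256")
	}
	var pub *rsa.PublicKey
	for _, k := range keys {
		if n, err := b64.DecodeString(k.N); k.Kid == header["kid"] && err == nil {
			e, _ := b64.DecodeString(k.E)
			pub = &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}
		}
	}
	if pub == nil {
		return nil, fmt.Errorf("kid %q not in pinned JWKS (rotated key or forged token)", header["kid"])
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, fmt.Errorf("signature verification failed")
	}
	var c idTokenClaims
	if err := json.Unmarshal(rawPayload, &c); err != nil {
		return nil, err
	}
	// Claims only mean something once the signature holds.
	if c.Iss != pinnedIssuer || c.Aud != pinnedClientID || now >= c.Exp || c.Nonce != expectedNonce {
		return nil, fmt.Errorf("claims rejected: iss=%q aud=%q exp=%d nonce-ok=%t", c.Iss, c.Aud, c.Exp, c.Nonce == expectedNonce)
	}
	return &c, nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed demo provider key
	now := time.Now().Unix()
	tok := SignIDToken(priv, "key-1", idTokenClaims{Iss: pinnedIssuer, Sub: "alice", Aud: pinnedClientID, Exp: now + 300, Nonce: "n-42"})
	fmt.Println(VerifyIDToken(tok, JWKSFromPublicKey(&priv.PublicKey, "key-1"), "n-42", now))
	fmt.Println(VerifyIDToken(tok, JWKSFromPublicKey(&priv.PublicKey, "key-2"), "n-42", now)) // stale pin after a rotation
}
```

Two things the demo deliberately keeps minimal: the nonce is not optional with response_type=id_token (OpenID Connect Core requires it for the implicit flow, and it is the only replay defence the app has once no token endpoint is involved), and a production verifier must also accept an array-valued aud, check at_hash when an access token is returned alongside the ID token, and allow for clock skew on exp. The "kid not in pinned JWKS" path is the operational cost the answer describes: every key rotation on the provider is a config change on the app.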