Update specification to errata 2

master
Антон Касимов 2023-12-24 02:18:18 +03:00
parent efb981c1d6
commit 52e3b6c9af
1 changed file with 5 additions and 5 deletions

oidc.md

@ -17,7 +17,7 @@ The solution to this problem is to use a server located on the territory of the
The proposed bellow system is such a solution that solves the problem of localizing personal data.
The system provides OpenID Connect provider services in accordance with [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0-final.html) standard.
The system provides OpenID Connect provider services in accordance with [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html) standard.
Follow the link to the specification to explore the core functionality of OpenID Connect: authentication built on top of [OAuth 2.0](https://oauth.net/2/), and the use of Claims to communicate information about the User.
Also, within the framework of the system, a [Staging](https://staging.ps.radium-it.ru/.well-known/openid-configuration) environment configuration is deployed, within which it is possible to test the services of the OpenID Connect Authorization Server.
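Review bot: the replaced link in this hunk now points at the unversioned core spec page, which follows whatever errata set is current, while the commit message says "errata 2"; either say in the document that the reference tracks the current errata set, or pin the errata revision explicitly if a fixed version is intended. In the same hunk the context line "The proposed bellow system" should read "below"; worth fixing while the paragraph is touched.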
@ -78,7 +78,7 @@ Location: https://{OIDC_SERVER}/oidc/authorize?scope=openid&redirect_uri={REDIRE
### Authentication & authorization
NOTE: The system currently supports only [Implicit Flow](https://openid.net/specs/openid-connect-core-1_0-final.html#ImplicitFlowAuth)
NOTE: The system currently supports only [Implicit Flow](https://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth)
```mermaid
flowchart TB
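Review bot: the NOTE still states that only Implicit Flow is supported without documenting what that means for the relying party: tokens are returned in the URL fragment, and the `nonce` parameter is required in this flow, so the client must send it in the authentication request and check that the `id_token` carries the same value. Since the reference is being moved to the current spec text, add a sentence stating those requirements next to the note.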
@ -122,7 +122,7 @@ The Authorization Server will attempt to authenticate the User in the following
- The User is not already authenticated.
- The authentication request contains the `prompt` parameter with the value `login`.
More information can be found [here](https://openid.net/specs/openid-connect-core-1_0-final.html#Authenticates)
More information can be found [here](https://openid.net/specs/openid-connect-core-1_0.html#Authenticates)
### JWT generation, delivery & validation
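Review bot: style point on the replaced line: "More information can be found [here](...)" has no terminating period, unlike the matching sentence in the `id_token` hunk further down ("... can be found [here](...)."). Add the period for consistency.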
@ -157,11 +157,11 @@ After all the necessary data about the User has been collected, the OIDC Authori
```
The `id_token` (JWT) is a base64 encoded urlsafe string.
More information on `id_token` data structure can be found [here](https://openid.net/specs/openid-connect-core-1_0-final.html#IDToken).
More information on `id_token` data structure can be found [here](https://openid.net/specs/openid-connect-core-1_0.html#IDToken).
JWT contains signature signed with the private key of the OIDC Provider.
The client shall verify that JWT is signed by corresponding to `kid` public key contained in JWKS `jwks_endpoint`.
See [specification](https://openid.net/specs/openid-connect-core-1_0-final.html#IDTokenValidation) for more details.
See [specification](https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation) for more details.
The website can now use the JWT to get the necessary information about the User.
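Review bot: the context lines around the two replaced links carry inaccuracies that should be corrected while this section is touched. The `id_token` is not a single base64 string but three base64url-encoded segments (header, payload, signature) joined by dots, and the key-set location published in discovery metadata is `jwks_uri`, not `jwks_endpoint`. The sentence "The client shall verify that JWT is signed by corresponding to `kid` public key" also reads awkwardly; suggested wording: "The client shall verify the JWT signature using the public key whose `kid` matches, taken from the key set published at `jwks_uri`, and shall also check `iss`, `aud`, `exp` and `nonce` as required by the linked validation section."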