Update specification to errata 2
parent
efb981c1d6
commit
52e3b6c9af
10
oidc.md
10
oidc.md
|
@ -17,7 +17,7 @@ The solution to this problem is to use a server located on the territory of the
|
|||
|
||||
The proposed bellow system is such a solution that solves the problem of localizing personal data.
|
||||
|
||||
The system provides OpenID Connect provider services in accordance with [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0-final.html) standard.
|
||||
The system provides OpenID Connect provider services in accordance with [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html) standard.
|
||||
Follow the link to the specification to explore the core functionality of OpenID Connect: authentication built on top of [OAuth 2.0](https://oauth.net/2/), and the use of Claims to communicate information about the User.
|
||||
|
||||
Also, within the framework of the system, a [Staging](https://staging.ps.radium-it.ru/.well-known/openid-configuration) environment configuration is deployed, within which it is possible to test the services of the OpenID Connect Authorization Server.
|
||||
|
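Review bot: the commit message says "errata 2", but the replacement URL `https://openid.net/specs/openid-connect-core-1_0.html` carries no errata version, so it tracks whatever errata set openid.net publishes at that address rather than pinning errata set 2; if pinning is the intent, state it in the link text (for example "OpenID Connect Core 1.0 incorporating errata set 2") so later errata do not silently change what the document references. While this paragraph is being touched, the unchanged context line "The proposed bellow system is such a solution" should read "The system proposed below is such a solution".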
@ -78,7 +78,7 @@ Location: https://{OIDC_SERVER}/oidc/authorize?scope=openid&redirect_uri={REDIRE
|
|||
|
||||
### Authentication & authorization
|
||||
|
||||
NOTE: The system currently supports only [Implicit Flow](https://openid.net/specs/openid-connect-core-1_0-final.html#ImplicitFlowAuth)
|
||||
NOTE: The system currently supports only [Implicit Flow](https://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth)
|
||||
|
||||
```mermaid
|
||||
flowchart TB
|
||||
|
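Review bot: the fragment `#ImplicitFlowAuth` is carried over unchanged onto the new URL; section anchors are not guaranteed to be identical between the original and errata editions, so check that the new link resolves to the Implicit Flow section before merging. Style: the NOTE line has no terminating period, unlike the surrounding sentences.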
@ -122,7 +122,7 @@ The Authorization Server will attempt to authenticate the User in the following
|
|||
- The User is not already authenticated.
|
||||
- The authentication request contains the `prompt` parameter with the value `login`.
|
||||
|
||||
More information can be found [here](https://openid.net/specs/openid-connect-core-1_0-final.html#Authenticates)
|
||||
More information can be found [here](https://openid.net/specs/openid-connect-core-1_0.html#Authenticates)
|
||||
|
||||
### JWT generation, delivery & validation
|
||||
|
||||
|
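Review bot: the link text "here" (unchanged in the new line) hides what is being linked; prefer descriptive text, e.g. `More information can be found in the [specification section on authenticating the User](https://openid.net/specs/openid-connect-core-1_0.html#Authenticates).` The line also lacks a terminating period, unlike the list items above it, and the `#Authenticates` anchor should be verified against the errata edition like the others in this change.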
@ -157,11 +157,11 @@ After all the necessary data about the User has been collected, the OIDC Authori
|
|||
```
|
||||
|
||||
The `id_token` (JWT) is a base64 encoded urlsafe string.
|
||||
More information on `id_token` data structure can be found [here](https://openid.net/specs/openid-connect-core-1_0-final.html#IDToken).
|
||||
More information on `id_token` data structure can be found [here](https://openid.net/specs/openid-connect-core-1_0.html#IDToken).
|
||||
|
||||
JWT contains signature signed with the private key of the OIDC Provider.
|
||||
The client shall verify that JWT is signed by corresponding to `kid` public key contained in JWKS `jwks_endpoint`.
|
||||
|
||||
See [specification](https://openid.net/specs/openid-connect-core-1_0-final.html#IDTokenValidation) for more details.
|
||||
See [specification](https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation) for more details.
|
||||
|
||||
The website can now use the JWT to get the necessary information about the User.
|
||||
|
|
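Review bot: the unchanged context line "The client shall verify that JWT is signed by corresponding to `kid` public key contained in JWKS `jwks_endpoint`." names a metadata field that does not exist in OpenID Connect Discovery; the provider metadata key is `jwks_uri`. Since this hunk already touches the paragraph, fix it and reword to "The client shall verify that the JWT is signed with the key whose `kid` matches an entry in the JWK Set published at the provider's `jwks_uri`." Two further documentation points in the same region: the text describes signature verification as the only client-side check while linking to the IDTokenValidation section, so add a sentence that `iss`, `aud`, `exp` and (for Implicit Flow) `nonce` must also be validated per that section, otherwise readers may treat a valid signature as sufficient; and "The `id_token` (JWT) is a base64 encoded urlsafe string." is imprecise, since a JWT is three base64url-encoded segments (header, payload, signature) separated by dots.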