diff --git a/oidc.md b/oidc.md index 92ea1bc..1ab4e6f 100644 --- a/oidc.md +++ b/oidc.md @@ -17,7 +17,7 @@ The solution to this problem is to use a server located on the territory of the The proposed bellow system is such a solution that solves the problem of localizing personal data. -The system provides OpenID Connect provider services in accordance with [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0-final.html) standard. +The system provides OpenID Connect provider services in accordance with [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html) standard. Follow the link to the specification to explore the core functionality of OpenID Connect: authentication built on top of [OAuth 2.0](https://oauth.net/2/), and the use of Claims to communicate information about the User. Also, within the framework of the system, a [Staging](https://staging.ps.radium-it.ru/.well-known/openid-configuration) environment configuration is deployed, within which it is possible to test the services of the OpenID Connect Authorization Server. @@ -78,7 +78,7 @@ Location: https://{OIDC_SERVER}/oidc/authorize?scope=openid&redirect_uri={REDIRE ### Authentication & authorization -NOTE: The system currently supports only [Implicit Flow](https://openid.net/specs/openid-connect-core-1_0-final.html#ImplicitFlowAuth) +NOTE: The system currently supports only [Implicit Flow](https://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth) ```mermaid flowchart TB 
@@ -122,7 +122,7 @@ The Authorization Server will attempt to authenticate the User in the following - The User is not already authenticated. - The authentication request contains the `prompt` parameter with the value `login`. -More information can be found [here](https://openid.net/specs/openid-connect-core-1_0-final.html#Authenticates) +More information can be found [here](https://openid.net/specs/openid-connect-core-1_0.html#Authenticates) ### JWT generation, delivery & validation @@ -157,11 +157,11 @@ After all the necessary data about the User has been collected, the OIDC Authori ``` The `id_token` (JWT) is a base64 encoded urlsafe string. -More information on `id_token` data structure can be found [here](https://openid.net/specs/openid-connect-core-1_0-final.html#IDToken). +More information on `id_token` data structure can be found [here](https://openid.net/specs/openid-connect-core-1_0.html#IDToken). JWT contains signature signed with the private key of the OIDC Provider. The client shall verify that JWT is signed by corresponding to `kid` public key contained in JWKS `jwks_endpoint`. -See [specification](https://openid.net/specs/openid-connect-core-1_0-final.html#IDTokenValidation) for more details. +See [specification](https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation) for more details. The website can now use the JWT to get the necessary information about the User.
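Review bot: the context line `The proposed bellow system is such a solution that solves the problem of localizing personal data.` in the first hunk (`@@ -17,7 +17,7 @@`) carries a typo (`bellow` should be `below`) that could be fixed in the same link-cleanup pass; the replacement URL `https://openid.net/specs/openid-connect-core-1_0.html` is the canonical current location of OpenID Connect Core 1.0, so the link change itself is correct, and the trailing context (the OAuth 2.0 link and the Staging `.well-known/openid-configuration` link) is untouched.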
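Review bot: in the second hunk (`@@ -78,7 +78,7 @@`) the rewritten NOTE says only Implicit Flow is supported and now points at `#ImplicitFlowAuth`, which is a valid anchor in the current Core 1.0 document; since the linked section makes `response_type` and `nonce` REQUIRED for that flow, it is worth confirming that the `Location: https://{OIDC_SERVER}/oidc/authorize?scope=openid&redirect_uri={REDIRE...` example in the hunk's leading context carries both parameters, and the NOTE would help integrators more if it said so in one clause.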
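Review bot: in the third hunk (`@@ -122,7 +122,7 @@`) the link text `here` tells the reader nothing about the target; suggest using the section name, e.g. `More information in [Authorization Server Authenticates End-User](https://openid.net/specs/openid-connect-core-1_0.html#Authenticates).` The `#Authenticates` anchor exists in the current spec, and the two bullets above it (user not yet authenticated; `prompt=login`) match that section.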
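Review bot: in the fourth hunk (`@@ -157,11 +157,11 @@`) the unchanged context between the two rewritten links names the key set location `jwks_endpoint`, but the OpenID Connect Discovery metadata field is `jwks_uri`; as this hunk already edits that paragraph, renaming it would keep the doc consistent with the spec it links to. The sentence `The client shall verify that JWT is signed by corresponding to `kid` public key contained in JWKS `jwks_endpoint`.` also reads awkwardly; suggest `The client shall verify that the JWT signature was produced by the key whose `kid` matches the token header, fetched from the JWKS at `jwks_uri`.` Finally, `a base64 encoded urlsafe string` understates the format: an `id_token` is three base64url segments (header, payload, signature) joined by dots, and the linked `#IDTokenValidation` section requires the client to check `iss`, `aud`, `exp` and `nonce` in addition to the signature, which the paragraph could mention in one sentence.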