From 52e3b6c9afd6c20e45be64484f21aac5277541d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=90=D0=BD=D1=82=D0=BE=D0=BD=20=D0=9A=D0=B0=D1=81=D0=B8?= =?UTF-8?q?=D0=BC=D0=BE=D0=B2?= Date: Sun, 24 Dec 2023 02:18:18 +0300 Subject: [PATCH] Update specification to errata 2 --- oidc.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/oidc.md b/oidc.md index 92ea1bc..1ab4e6f 100644 --- a/oidc.md +++ b/oidc.md @@ -17,7 +17,7 @@ The solution to this problem is to use a server located on the territory of the The proposed bellow system is such a solution that solves the problem of localizing personal data. -The system provides OpenID Connect provider services in accordance with [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0-final.html) standard. +The system provides OpenID Connect provider services in accordance with [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html) standard. Follow the link to the specification to explore the core functionality of OpenID Connect: authentication built on top of [OAuth 2.0](https://oauth.net/2/), and the use of Claims to communicate information about the User. Also, within the framework of the system, a [Staging](https://staging.ps.radium-it.ru/.well-known/openid-configuration) environment configuration is deployed, within which it is possible to test the services of the OpenID Connect Authorization Server. @@ -78,7 +78,7 @@ Location: https://{OIDC_SERVER}/oidc/authorize?scope=openid&redirect_uri={REDIRE ### Authentication & authorization -NOTE: The system currently supports only [Implicit Flow](https://openid.net/specs/openid-connect-core-1_0-final.html#ImplicitFlowAuth) +NOTE: The system currently supports only [Implicit Flow](https://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth) ```mermaid flowchart TB 
@@ -122,7 +122,7 @@ The Authorization Server will attempt to authenticate the User in the following - The User is not already authenticated. - The authentication request contains the `prompt` parameter with the value `login`. -More information can be found [here](https://openid.net/specs/openid-connect-core-1_0-final.html#Authenticates) +More information can be found [here](https://openid.net/specs/openid-connect-core-1_0.html#Authenticates) ### JWT generation, delivery & validation @@ -157,11 +157,11 @@ After all the necessary data about the User has been collected, the OIDC Authori ``` The `id_token` (JWT) is a base64 encoded urlsafe string. -More information on `id_token` data structure can be found [here](https://openid.net/specs/openid-connect-core-1_0-final.html#IDToken). +More information on `id_token` data structure can be found [here](https://openid.net/specs/openid-connect-core-1_0.html#IDToken). JWT contains signature signed with the private key of the OIDC Provider. The client shall verify that JWT is signed by corresponding to `kid` public key contained in JWKS `jwks_endpoint`. -See [specification](https://openid.net/specs/openid-connect-core-1_0-final.html#IDTokenValidation) for more details. +See [specification](https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation) for more details. The website can now use the JWT to get the necessary information about the User.
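Review bot: the commit subject says the links move to errata 2, but in the hunk at `@@ -17,7 +17,7 @@` the new target `openid-connect-core-1_0.html` carries no revision marker, so a reader cannot tell from the document which revision of OpenID Connect Core it was written against. Consider naming the revision in the link text, for example "OpenID Connect Core 1.0 incorporating errata set 2". While this hunk is open, the context line "The proposed bellow system" has a typo ("below").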
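Review bot: the NOTE changed at `@@ -78,7 +78,7 @@` states that only Implicit Flow is supported, and the section it links to makes `nonce` a required request parameter for that flow. The `Location:` example in this hunk's context is cut off after `redirect_uri` in this view, so please confirm that the full example carries `nonce` and a `response_type` of `id_token` or `id_token token`, and that the document tells the client to compare the `nonce` claim in the returned ID Token with the value it sent.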
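Review bot: a style point on the changed line at `@@ -122,7 +122,7 @@`: "More information can be found [here](...)" uses non-descriptive link text and has no closing period. Since the line is being edited anyway, consider wording such as "See the Authorization Server Authenticates End-User section of the specification." so the target is clear without following the link.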
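Review bot: in the hunk at `@@ -157,11 +157,11 @@` the validation paragraph between the two changed links tells the client only to verify the signature against the key selected by `kid`, while the ID Token Validation section it points to also requires checking `iss`, `aud`, `exp` and, for Implicit Flow, `nonce`. A client author who follows only this paragraph would accept a correctly signed token that was issued for another client or has expired, so please list those checks here or say explicitly that signature verification alone is not sufficient. Two smaller points on the same context lines: OpenID Connect Discovery names the metadata field `jwks_uri`, so `jwks_endpoint` should match what the provider's `/.well-known/openid-configuration` actually publishes, and "a base64 encoded urlsafe string" would be more accurate as three base64url-encoded segments separated by periods.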