Update specification to errata 2

master
Антон Касимов 2023-12-24 02:18:18 +03:00
parent efb981c1d6
commit 52e3b6c9af
1 changed files with 5 additions and 5 deletions

oidc.md

@ -17,7 +17,7 @@ The solution to this problem is to use a server located on the territory of the
The proposed bellow system is such a solution that solves the problem of localizing personal data. The proposed bellow system is such a solution that solves the problem of localizing personal data.
The system provides OpenID Connect provider services in accordance with [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0-final.html) standard. The system provides OpenID Connect provider services in accordance with [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html) standard.
Follow the link to the specification to explore the core functionality of OpenID Connect: authentication built on top of [OAuth 2.0](https://oauth.net/2/), and the use of Claims to communicate information about the User. Follow the link to the specification to explore the core functionality of OpenID Connect: authentication built on top of [OAuth 2.0](https://oauth.net/2/), and the use of Claims to communicate information about the User.
Also, within the framework of the system, a [Staging](https://staging.ps.radium-it.ru/.well-known/openid-configuration) environment configuration is deployed, within which it is possible to test the services of the OpenID Connect Authorization Server. Also, within the framework of the system, a [Staging](https://staging.ps.radium-it.ru/.well-known/openid-configuration) environment configuration is deployed, within which it is possible to test the services of the OpenID Connect Authorization Server.
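Review bot: the commit message says "errata 2", but the new target https://openid.net/specs/openid-connect-core-1_0.html carries no errata-set identifier, so the link will track whichever revision openid.net serves at that address rather than pinning errata set 2; if pinning is the intent, state the revision in the sentence itself (e.g. "OpenID Connect Core 1.0 incorporating errata set 2") so readers know which text the rest of this document was checked against. While touching this paragraph, the unchanged context line above still has the typo "bellow" (should be "below").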
@ -78,7 +78,7 @@ Location: https://{OIDC_SERVER}/oidc/authorize?scope=openid&redirect_uri={REDIRE
### Authentication & authorization ### Authentication & authorization
NOTE: The system currently supports only [Implicit Flow](https://openid.net/specs/openid-connect-core-1_0-final.html#ImplicitFlowAuth) NOTE: The system currently supports only [Implicit Flow](https://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth)
```mermaid ```mermaid
flowchart TB flowchart TB
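Review bot: only the link host path changes here, so please confirm that the `#ImplicitFlowAuth` fragment still resolves in the errata 2 document before merging; the fragment name is the only thing that makes this deep link useful and anchor names are not guaranteed to survive a revision. The NOTE it sits on still reads as a bare restriction ("supports only Implicit Flow"); since the document is being aligned with the current spec text, a one-line statement of why Implicit Flow alone is offered, and whether Authorization Code Flow is planned, would help integrators decide which client type they can build against this provider.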
@ -122,7 +122,7 @@ The Authorization Server will attempt to authenticate the User in the following
- The User is not already authenticated. - The User is not already authenticated.
- The authentication request contains the `prompt` parameter with the value `login`. - The authentication request contains the `prompt` parameter with the value `login`.
More information can be found [here](https://openid.net/specs/openid-connect-core-1_0-final.html#Authenticates) More information can be found [here](https://openid.net/specs/openid-connect-core-1_0.html#Authenticates)
### JWT generation, delivery & validation ### JWT generation, delivery & validation
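Review bot: the changed line keeps the bare link text "here", so after the update a reader still cannot tell which part of the specification is meant without following the link; name the referenced clause in the link text (the `#Authenticates` section on Authorization Server authentication of the End-User) and add the missing full stop at the end of the sentence. The two context bullets above it describe the conditions under which the server re-authenticates; the link should sit with them as a normal sentence rather than a dangling fragment.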
@ -157,11 +157,11 @@ After all the necessary data about the User has been collected, the OIDC Authori
``` ```
The `id_token` (JWT) is a base64 encoded urlsafe string. The `id_token` (JWT) is a base64 encoded urlsafe string.
More information on `id_token` data structure can be found [here](https://openid.net/specs/openid-connect-core-1_0-final.html#IDToken). More information on `id_token` data structure can be found [here](https://openid.net/specs/openid-connect-core-1_0.html#IDToken).
JWT contains signature signed with the private key of the OIDC Provider. JWT contains signature signed with the private key of the OIDC Provider.
The client shall verify that JWT is signed by corresponding to `kid` public key contained in JWKS `jwks_endpoint`. The client shall verify that JWT is signed by corresponding to `kid` public key contained in JWKS `jwks_endpoint`.
See [specification](https://openid.net/specs/openid-connect-core-1_0-final.html#IDTokenValidation) for more details. See [specification](https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation) for more details.
The website can now use the JWT to get the necessary information about the User. The website can now use the JWT to get the necessary information about the User.
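Review bot: the context lines around the changed `#IDTokenValidation` link summarise ID Token validation as nothing more than a signature check against the key selected by `kid`, while the linked section also requires the client to check `iss`, `aud` and `exp`, and, for the Implicit Flow that this document says is the only supported flow, the `nonce`; a client that follows the sentence "The client shall verify that JWT is signed by corresponding to `kid` public key contained in JWKS `jwks_endpoint`." literally will accept a correctly signed token that was issued for a different client or has already expired. Suggest rewording to "The client shall verify that the JWT signature was produced by the key identified by `kid` in the provider's JWKS, and perform the remaining ID Token validation steps required by the specification." Two further points on the same lines: OpenID Connect Discovery names the JWKS metadata field `jwks_uri`, not `jwks_endpoint`, so either use the standard name or say explicitly that this is a system-specific key (the staging `.well-known/openid-configuration` linked earlier shows which one the server actually publishes); and "a base64 encoded urlsafe string" understates the format, since a JWT is three base64url-encoded segments joined by dots, with the signature covering the first two.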