Update specification to errata 2
parent efb981c1d6
commit 52e3b6c9af
oidc.md (10 changes)
@ -17,7 +17,7 @@ The solution to this problem is to use a server located on the territory of the
The proposed bellow system is such a solution that solves the problem of localizing personal data.
The proposed bellow system is such a solution that solves the problem of localizing personal data.
The system provides OpenID Connect provider services in accordance with [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0-final.html) standard.
The system provides OpenID Connect provider services in accordance with [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html) standard.
Follow the link to the specification to explore the core functionality of OpenID Connect: authentication built on top of [OAuth 2.0](https://oauth.net/2/), and the use of Claims to communicate information about the User.
Follow the link to the specification to explore the core functionality of OpenID Connect: authentication built on top of [OAuth 2.0](https://oauth.net/2/), and the use of Claims to communicate information about the User.
Also, within the framework of the system, a [Staging](https://staging.ps.radium-it.ru/.well-known/openid-configuration) environment configuration is deployed, within which it is possible to test the services of the OpenID Connect Authorization Server.
Also, within the framework of the system, a [Staging](https://staging.ps.radium-it.ru/.well-known/openid-configuration) environment configuration is deployed, within which it is possible to test the services of the OpenID Connect Authorization Server.
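Review bot: the typo in the unchanged context line "The proposed bellow system" ("bellow" for "below") survives this edit; since the hunk already touches this paragraph, fix it to "The system proposed below". On the changed line, dropping "-final" from the URL moves the reference from the original Core 1.0 text to the current document that incorporates errata set 2, which is what the commit message intends, but the prose still says only "OpenID Connect Core 1.0"; consider "OpenID Connect Core 1.0 incorporating errata set 2" so a reader knows which text the implementation follows.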
@ -78,7 +78,7 @@ Location: https://{OIDC_SERVER}/oidc/authorize?scope=openid&redirect_uri={REDIRE
### Authentication & authorization
### Authentication & authorization
NOTE: The system currently supports only [Implicit Flow](https://openid.net/specs/openid-connect-core-1_0-final.html#ImplicitFlowAuth)
NOTE: The system currently supports only [Implicit Flow](https://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth)
```mermaid
```mermaid
flowchart TB
flowchart TB
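Review bot: the NOTE still commits the system to Implicit Flow only, and the updated link carries no caveat about what that flow requires or costs. The linked section makes `nonce` REQUIRED in implicit authentication requests, and the tokens come back in the URL fragment, where browser history, referrers and any script on the page can see them; the OAuth 2.0 Security BCP recommends against the implicit grant for that reason. The authorize URL in the hunk header shows only `scope=openid&redirect_uri=...`, so suggest adding after the NOTE a sentence such as "Clients MUST send a `nonce` in the request and verify it in the returned `id_token`."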
@ -122,7 +122,7 @@ The Authorization Server will attempt to authenticate the User in the following
- The User is not already authenticated.
- The User is not already authenticated.
- The authentication request contains the `prompt` parameter with the value `login`.
- The authentication request contains the `prompt` parameter with the value `login`.
More information can be found [here](https://openid.net/specs/openid-connect-core-1_0-final.html#Authenticates)
More information can be found [here](https://openid.net/specs/openid-connect-core-1_0.html#Authenticates)
### JWT generation, delivery & validation
### JWT generation, delivery & validation
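Review bot: "More information can be found [here]" is a bare link; the target anchor is the spec's "Authorization Server Authenticates End-User" section (3.1.2.3), so name it in the link text so the reference reads in print and survives another URL change. The two bullets match the spec's two MUST cases, but a `max_age` whose window has elapsed also obliges the OP to actively re-authenticate the user; if the part of the list above this hunk does not already cover it, add a third bullet for `max_age`.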
@ -157,11 +157,11 @@ After all the necessary data about the User has been collected, the OIDC Authori
```
```
The `id_token` (JWT) is a base64 encoded urlsafe string.
The `id_token` (JWT) is a base64 encoded urlsafe string.
More information on `id_token` data structure can be found [here](https://openid.net/specs/openid-connect-core-1_0-final.html#IDToken).
More information on `id_token` data structure can be found [here](https://openid.net/specs/openid-connect-core-1_0.html#IDToken).
JWT contains signature signed with the private key of the OIDC Provider.
JWT contains signature signed with the private key of the OIDC Provider.
The client shall verify that JWT is signed by corresponding to `kid` public key contained in JWKS `jwks_endpoint`.
The client shall verify that JWT is signed by corresponding to `kid` public key contained in JWKS `jwks_endpoint`.
See [specification](https://openid.net/specs/openid-connect-core-1_0-final.html#IDTokenValidation) for more details.
See [specification](https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation) for more details.
The website can now use the JWT to get the necessary information about the User.
The website can now use the JWT to get the necessary information about the User.
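Review bot: `jwks_endpoint` on the unchanged line "contained in JWKS `jwks_endpoint`" is not a discovery metadata field; the key set URL is published under `jwks_uri` in the `/.well-known/openid-configuration` document linked earlier in this file. "a base64 encoded urlsafe string" also understates the structure: a JWS-form `id_token` is three base64url segments, `header.payload.signature`, joined by dots, and the `kid` to look up in the key set lives in the decoded header. Finally, the validation sentence stops at the signature; the linked IDTokenValidation section additionally requires checking `iss` against the provider's issuer, that `aud` contains the client's `client_id`, that `exp` has not passed and, for Implicit Flow, that `nonce` equals the value sent in the request. One sentence listing those checks would stop a client from accepting any token the provider ever signed for anyone.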