Forked from uffd / uffd
Source project has a limited visibility.
    OpenID Connect Core 1.0 and Discovery 1.0 support · edd4f4ca
    Julian authored
    Limited to OpenID provider conformance profiles "Basic" and "Config":
    
    - Support for features mandatory to implement for all OpenID Providers,
      not the feature set for Dynamic OpenID Providers
    - Only Authorization Code Flow, no support for Implicit/Hybrid Flow
    - Only code response type, no support for token/id_token
    - Server metadata is served at /.well-known/openid-configuration
    
    Additional/optional features:
    
    - Support for "claims" parameter
    - Support for standard scopes "profile" and "email"
    - Support for non-standard scope/claim "groups" (in violation of RFC 9068)
    
    Compatibility with existing (working) uffd client setups: Authorization
    requests without the "openid" scope behave the same as before. Prior to this
    change authorization requests with the "openid" scope were rejected by uffd.
    
    This change adds direct dependencies to pyjwt and cryptography. Prior to this
    change both were already transitive dependencies of oauthlib.