OpenID Connect Core 1.0 and Discovery 1.0 support (!155) · Merge requests · uffd / uffd

Julian requested to merge oidc into master Nov 05, 2023

Limited to OpenID provider conformance profiles "Basic" and "Config":

Support for features mandatory to implement for all OpenID Providers, not the feature set for Dynamic OpenID Providers
Only Authorization Code Flow, no support for Implicit/Hybrid Flow
Only code response type, no support for token/id_token
Server metadata is served at /.well-known/openid-configuration

Additional/optional features:

Support for "claims" parameter
Support for standard scopes "profile" and "email"
Support for non-standard scope/claim "groups" (in violation of RFC 9068)

Compatability with existing (working) uffd client setups: Authorization requests without the "openid" scope behave the same as before Prior to this change authorization requests with the "openid" scope were rejected by uffd.

This change adds direct dependencies to pyjwt and cryptography. Prior to this change both were already transitive dependencies of oauthlib.

Closes #155 (closed)

Edited Nov 05, 2023 by Julian

OpenID Connect Core 1.0 and Discovery 1.0 support

Merge request reports