Welcome to oidcservice’s documentation!
OpenID Connect and OAuth2 (O/O) are both request-response protocols. The client sends a request and the server responds either directly on the same connection or after a while on another connection.
When I use the term client below, I mean a piece of software that implements O/O and works on behalf of an application.
The client follows the same pattern regardless of which request/response it is dealing with. It does the following when sending a request:
- Gathers the request arguments
- If client authentication is involved, it gathers the necessary data for that
- If the chosen client authentication method involves adding information to the request, it does so
- Adds information to the HTTP headers like Content-Type
- Serializes the request into the expected format
After that follows the act of sending the request to the server and receiving the response from it. Once the response has been received, the client will follow this path:
- Deserializes the received message into an internal format
- Verifies that the message is correct: that it contains the required claims and that all claims are of the correct data type. If it is signed and/or encrypted, it verifies the signature and/or decrypts it.
- Stores the received information in a database and/or passes it on to the application.
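The two paths above, sketched for an access token request using only the Python standard library. This is an added example, not oidcservice's own code: `build_request`, `parse_response`, `TOKEN_RESPONSE_SCHEMA` and the plain dict used as a state database are assumed names, and signature verification and decryption are left out.

```python
import base64
import json
from urllib.parse import quote_plus, urlencode

# Assumed schema for an access token response: claim -> (type, required)
TOKEN_RESPONSE_SCHEMA = {
    "access_token": (str, True),
    "token_type": (str, True),
    "expires_in": (int, False),
    "refresh_token": (str, False),
}


def build_request(args, client_id, client_secret, auth_method):
    """Request path: gather arguments, apply client authentication, set headers, serialize."""
    body = dict(args)
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if auth_method == "client_secret_basic":
        # Credentials travel in the Authorization header, not in the body.
        cred = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        headers["Authorization"] = "Basic " + base64.b64encode(cred.encode()).decode()
    elif auth_method == "client_secret_post":
        # This method adds information to the request itself.
        body.update(client_id=client_id, client_secret=client_secret)
    else:
        raise ValueError(f"unsupported client authentication method: {auth_method}")
    return headers, urlencode(body)


def parse_response(raw, schema, state_db, state):
    """Response path: deserialize, verify claims and types, then store."""
    try:
        msg = json.loads(raw)
    except json.JSONDecodeError as err:
        raise ValueError("response is not valid JSON") from err
    if not isinstance(msg, dict):
        raise ValueError("response is not a JSON object")
    for claim, (typ, required) in schema.items():
        if claim not in msg:
            if required:
                raise ValueError(f"missing required claim: {claim}")
            continue
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(msg[claim], bool) or not isinstance(msg[claim], typ):
            raise ValueError(f"claim {claim} has the wrong data type")
    state_db[state] = msg  # only verified messages reach storage
    return msg
```

A response that fails verification raises before anything is written to the state store, so later requests never read unverified data.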
oidcservice is built to allow clients to be constructed that support any number and type of request-response services. The basic OpenID Connect set is:
- Dynamic provider information discovery
- Dynamic client registration
- Authorization/Authentication request
- Access token request
- User info request
To these one can add services like session management and token introspection. The only thing we can be sure of is that this is not the final set of services; there will be more. And there will be variants of the standard ones, for example when you want to add multilateral federation support to provider information discovery and client registration.
Overall, it seemed like a good idea to write a piece of code that implements all the functionality needed to support any of these services and any future services that follow the same pattern.
That is the thought behind oidcservice.
- The Service class
- The state data base
- What a service should do
- A conversation
- oidcservice package
- oidcservice.oauth2 package
- oidcservice.oic package
- oidcservice.oidc.access_token module
- oidcservice.oidc.authorization module
- oidcservice.oidc.check_id module
- oidcservice.oidc.end_session module
- oidcservice.oidc.pkce module
- oidcservice.oidc.provider_info_discovery module
- oidcservice.oidc.refresh_access_token module
- oidcservice.oidc.registration module
- oidcservice.oidc.userinfo module
- oidcservice.oidc.webfinger module
- oidcservice.oidc.utils module
- Module contents