OhIDontCare
OhIDontCare (OIDC) is a minimal, zero-dependency identity provider (IdP) server offering user authentication with the OIDC protocol.
Usage
Start up server:
./oidc-idp-server
Configure your application as a relying party (RP):
./oidc-idp-client
Visit the client URL and start the login flow. That's all!
Status
- IdP httpd
- Internal login support, passwords and session cookies
- RP httpd
- Well-known OpenID Discovery Document
- Authorization code
- JWT signing and JWKS marshalling
- ID Token
- Userinfo endpoint
- Refresh tokens
- Access tokens
- Tests
- E2E test in package
- Test IdP server compatibility with other clients
- Test RP client compatibility with other IdP servers
- Device code flow
Request/response flow
- IdP starts
- RP starts
- RP requests discovery document from IdP
- RP requests JWKS from IdP
- Client visits RP web interface and chooses to log in
- Authorization handshake
- Browser redirect to IdP /authorize endpoint with supplied redirect_uri
- Client authenticates against IdP using any traditional web method. POST to IdP-private endpoint.
- IdP redirects to redirect_uri with single-use authorization code
- Token handshake
- RP uses authorization code to request a token response
- IdP consumes authorization code
- Token response includes access token, refresh token, and ID token.
- Validate ID token signature against JWKS.
- Validate nonce
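The last two steps of the flow, as an added example (not OhIDontCare's own code): an RP-side check that verifies the ID token signature against the key the JWKS publishes under the token's kid, then compares the nonce with the one stored when the login started. It assumes Go, RS256 signing, and a JWKS already parsed into a kid-to-public-key map; VerifyIDToken, Mint, demoKey and the sample claims are hypothetical names and constructed values.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed IdP signing key

// VerifyIDToken checks the RS256 signature with the JWKS key named by kid, then the nonce.
func VerifyIDToken(token string, jwks map[string]*rsa.PublicKey, nonce string) (claims map[string]interface{}, err error) {
	p := strings.Split(token, ".")
	var hdr struct{ Alg, Kid string }
	hb, _ := b64.DecodeString(p[0])
	if len(p) != 3 || json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "RS256" { // pin the alg
		return nil, fmt.Errorf("malformed JWT or unexpected alg %q", hdr.Alg)
	}
	pub, sum := jwks[hdr.Kid], sha256.Sum256([]byte(p[0]+"."+p[1]))
	sig, err := b64.DecodeString(p[2])
	if pub == nil || err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) != nil {
		return nil, fmt.Errorf("signature does not verify against JWKS")
	}
	pb, _ := b64.DecodeString(p[1]) // claims are read only after the signature checks out
	if json.Unmarshal(pb, &claims) != nil || nonce == "" || claims["nonce"] != nonce {
		return nil, fmt.Errorf("nonce mismatch")
	}
	return claims, nil
}

// Mint signs constructed claims as the IdP would; it exists only to build sample input.
func Mint(key *rsa.PrivateKey, kid, nonce string) string {
	in := b64.EncodeToString([]byte(`{"alg":"RS256","kid":"`+kid+`"}`)) + "." +
		b64.EncodeToString([]byte(`{"sub":"alice","nonce":"`+nonce+`"}`))
	sum := sha256.Sum256([]byte(in))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return in + "." + b64.EncodeToString(sig)
}

func main() {
	jwks := map[string]*rsa.PublicKey{"k1": &demoKey.PublicKey}
	fmt.Println(VerifyIDToken(Mint(demoKey, "k1", "n-1"), jwks, "n-2")) // token from another login
}
```

A production RP would also check the iss, aud and exp claims, which this example leaves out to stay on the two steps listed above.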