Commit
Merge pull request #704 from oauthlib/doc-oidc
Improved OIDC documentation
Showing 10 changed files with 160 additions and 18 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,16 +1,21 @@ | ||
OpenID Connect | ||
============== | ||
|
||
OpenID Connect represents a substantial set of behaviors and interactions built on the foundations of OAuth2. OAuthLib supports | ||
OpenID Connect `Authentication flows`_ when the initial grant type request's ``scope`` parameter contains ``openid``. Clients wishing | ||
to provide this support must implement several new features within their ``RequestValidator`` subclass. | ||
OpenID Connect represents a substantial set of behaviors and | ||
interactions built on the foundations of OAuth2. OAuthLib supports | ||
OpenID Connect `Authentication flows`_ when the initial grant type | ||
request's ``scope`` parameter contains ``openid``. Providers wishing | ||
to provide this support must implement a couple of new features within | ||
their ``RequestValidator`` subclass. | ||
|
||
A new userinfo endpoint can also be implemented to fulfill the core of OIDC. | ||
|
||
.. _`Authentication flows`: http://openid.net/specs/openid-connect-core-1_0.html#Authentication | ||
|
||
.. toctree:: | ||
:maxdepth: 2 | ||
|
||
oidc/id_tokens | ||
oidc/validator | ||
|
||
|
||
oidc/endpoints | ||
oidc/grants | ||
oidc/id_tokens |
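Review bot: the ``Authentication flows`` link target in this file still uses http://openid.net/specs/openid-connect-core-1_0.html#Authentication; switch it to the https:// form so readers fetch the specification over TLS. In the rewrapped paragraph, "Providers wishing to provide this support" repeats itself ("Providers wishing to offer this support" reads better), and "a couple of new features" would help more if it named the features or pointed at oidc/validator. The toctree region lists oidc/id_tokens twice; check that only one entry remains after the change.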
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
OpenID Authorization Code | ||
------------------------- | ||
|
||
.. autoclass:: oauthlib.openid.connect.core.grant_types.AuthorizationCodeGrant | ||
:members: | ||
:inherited-members: |
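Review bot: this page is only a title and an ``autoclass`` directive, so it never says when this grant applies. Add a one-sentence introduction tying it to the grants page (``openid`` in the scope with the ``code`` response type), and consider whether ``:inherited-members:`` is wanted here, since it lists every inherited method next to the class's own. The same applies to the hybrid and implicit pages added in this commit.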
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
Dispatchers | ||
----------- | ||
|
||
.. contents:: | ||
:depth: 2 | ||
|
||
Authorization Request | ||
^^^^^^^^^^^^^^^^^^^^^ | ||
|
||
.. autoclass:: oauthlib.openid.connect.core.grant_types.ImplicitTokenGrantDispatcher | ||
:members: | ||
:inherited-members: | ||
|
||
|
||
.. autoclass:: oauthlib.openid.connect.core.grant_types.AuthorizationCodeGrantDispatcher | ||
:members: | ||
:inherited-members: | ||
|
||
Token Request | ||
^^^^^^^^^^^^^ | ||
|
||
.. autoclass:: oauthlib.openid.connect.core.grant_types.AuthorizationTokenGrantDispatcher | ||
:members: | ||
:inherited-members: |
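Review bot: the "Authorization Request" and "Token Request" sections carry no prose, so a reader has to infer from the class names which dispatcher handles which request and on what condition. Add a sentence under each heading stating the routing rule and what happens when ``openid`` is absent from the scope, because that rule decides whether a request is processed as plain OAuth2 or as OIDC. There is also a doubled blank line between the two ``autoclass`` directives under "Authorization Request".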
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
OpenID Provider Endpoints | ||
========================= | ||
|
||
Endpoints in OpenID Connect Core adds a new UserInfo Endpoint. All | ||
existing OAuth2.0 endpoints are common to both protocols. | ||
|
||
.. toctree:: | ||
:maxdepth: 2 | ||
|
||
userinfo | ||
|
||
See also the related endpoints from OAuth2.0: | ||
|
||
.. hlist:: | ||
:columns: 1 | ||
|
||
* :doc:`Authorization endpoint </oauth2/endpoints/authorization>` | ||
* :doc:`Introspect endpoint </oauth2/endpoints/introspect>` | ||
* :doc:`Token endpoint </oauth2/endpoints/token>` | ||
* :doc:`Revocation endpoint </oauth2/endpoints/revocation>` | ||
* :doc:`Resource endpoint </oauth2/endpoints/resource>` |
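Review bot: the opening sentence "Endpoints in OpenID Connect Core adds a new UserInfo Endpoint." has a subject and verb that do not agree; "OpenID Connect Core adds a new UserInfo Endpoint." says the same thing cleanly. This file writes "OAuth2.0" while the OpenID Connect index page writes "OAuth2"; pick one spelling across the OIDC docs.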
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
=========== | ||
Grant types | ||
=========== | ||
|
||
The OpenID Connect specification adds a new `Hybrid` flow and adds | ||
variants to the existing `Authorization Code` and `Implicit` | ||
flows. They share the same principle: having `openid` in the scope and | ||
a combination of new `response_type` values. | ||
|
||
|
||
.. list-table:: OpenID Connect "response_type" Values | ||
:widths: 50 50 | ||
:header-rows: 1 | ||
|
||
* - "response_type" value | ||
- Flow | ||
* - `code` | ||
- Authorization Code Flow | ||
* - `id_token` | ||
- Implicit Flow | ||
* - `id_token token` | ||
- Implicit Flow | ||
* - `code id_token` | ||
- Hybrid Flow | ||
* - `code token` | ||
- Hybrid Flow | ||
* - `code id_token token` | ||
- Hybrid Flow | ||
|
||
|
||
Special Dispatcher classes have been made to dynamically route the HTTP | ||
requests to either an OAuth2.0 flow or an OIDC flow. It basically | ||
checks the presence of `openid` scope in the parameters. | ||
|
||
.. toctree:: | ||
:maxdepth: 2 | ||
|
||
dispatchers | ||
authcode | ||
implicit | ||
hybrid |
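Review bot: the literals in the introduction and in the list-table (`openid`, `response_type`, `code id_token` and the rest) use single backticks, which reStructuredText treats as the default interpreted-text role and not as inline code; the index page uses double backticks for ``scope`` and ``openid``, so use double backticks here too. In the dispatcher paragraph, "It basically checks" refers to the plural "Dispatcher classes"; "They check for the ``openid`` scope in the request parameters" is clearer, and the paragraph should say which flow is chosen when the scope is missing.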
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
OpenID Hybrid | ||
------------- | ||
|
||
.. autoclass:: oauthlib.openid.connect.core.grant_types.HybridGrant | ||
:members: | ||
:inherited-members: |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
OpenID Implicit | ||
--------------- | ||
|
||
.. autoclass:: oauthlib.openid.connect.core.grant_types.ImplicitGrant | ||
:members: | ||
:inherited-members: |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
======================== | ||
OpenID UserInfo endpoint | ||
======================== | ||
|
||
|
||
.. autoclass:: oauthlib.openid.connect.core.endpoints.userinfo.UserInfoEndpoint | ||
:members: |