diff options
author | Joel Stevenson <jstevenson@bepress.com> | 2016-08-18 15:29:01 -0700 |
---|---|---|
committer | Joel Stevenson <jstevenson@bepress.com> | 2016-08-18 15:29:01 -0700 |
commit | 447465547cc9a14350d024ed25b374614c475eec (patch) | |
tree | db6a1aca50bb431f47412d7272c5aa6e627fcdd3 /docs | |
parent | 9a8f73d2dd088d5ea01313de2a1fe5a877994a79 (diff) | |
download | oauthlib-447465547cc9a14350d024ed25b374614c475eec.tar.gz |
Move the claims handling into OpenIDConnectBase._inflate_claims() and a new AuthCodeGrantDispatcher to route requests to either the default AuthorizationCodeGrant or OpenIDConnectAuthCode depending on scope when the request's response_type is a simple (ambiguous) 'code'.
Include basic docs about OpenID Connect auth flow support
Diffstat (limited to 'docs')
-rw-r--r-- | docs/feature_matrix.rst | 1 | ||||
-rw-r--r-- | docs/index.rst | 1 | ||||
-rw-r--r-- | docs/oauth2/oidc.rst | 16 | ||||
-rw-r--r-- | docs/oauth2/oidc/id_tokens.rst | 16 | ||||
-rw-r--r-- | docs/oauth2/oidc/validator.rst | 7 |
5 files changed, 41 insertions, 0 deletions
diff --git a/docs/feature_matrix.rst b/docs/feature_matrix.rst index d1b3f43..0f9021d 100644 --- a/docs/feature_matrix.rst +++ b/docs/feature_matrix.rst @@ -17,6 +17,7 @@ OAuth 2 client and provider support for - Bearer Tokens - Draft MAC tokens - Token Revocation +- OpenID Connect Authentication with support for SAML2 and JWT tokens, dynamic client registration and more to come. diff --git a/docs/index.rst b/docs/index.rst index f1d380d..1699068 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -32,6 +32,7 @@ For news and discussions please head over to our `G+ OAuthLib community`_. oauth1/oauth1 oauth2/oauth2 + oauth2/oidc Indices and tables ================== diff --git a/docs/oauth2/oidc.rst b/docs/oauth2/oidc.rst new file mode 100644 index 0000000..d062386 --- /dev/null +++ b/docs/oauth2/oidc.rst @@ -0,0 +1,16 @@ +OpenID Connect +============== + +OpenID Connect represents a substantial set of behaviors and interactions built on the foundations of OAuth2. OAuthLib supports +OpenID Connect `Authentication flows`_ when the initial grant type request's ``scope`` parameter contains ``openid``. Clients wishing +to provide this support must implement several new features within their ``RequestValidator`` subclass. + +.. _`Authentication flows`: http://openid.net/specs/openid-connect-core-1_0.html#Authentication + +.. toctree:: + :maxdepth: 2 + + oidc/id_tokens + oidc/validator + + diff --git a/docs/oauth2/oidc/id_tokens.rst b/docs/oauth2/oidc/id_tokens.rst new file mode 100644 index 0000000..5d6aa91 --- /dev/null +++ b/docs/oauth2/oidc/id_tokens.rst @@ -0,0 +1,16 @@ +ID Tokens +========= + +The creation of `ID Tokens`_ is ultimately done not by OAuthLib but by your ``RequestValidator`` subclass. This is because their +content is dependent on your implementation of users, their attributes, any claims you may wish to support, as well as the +details of how you model the notion of a Client Application. As such OAuthLib simply calls your validator's ``get_id_token`` +method at the appropriate times during the authorization flow, depending on the grant type requested (Authorization Code, Implicit, +Hybrid, etc.) + +.. _`ID Tokens`: http://openid.net/specs/openid-connect-core-1_0.html#IDToken + +.. autoclass:: oauthlib.oauth2.RequestValidator + :members: get_id_token + + + diff --git a/docs/oauth2/oidc/validator.rst b/docs/oauth2/oidc/validator.rst new file mode 100644 index 0000000..c92b726 --- /dev/null +++ b/docs/oauth2/oidc/validator.rst @@ -0,0 +1,7 @@ +RequestValidator Extensions +============================ + +Four methods must be implemented in your validator subclass if you wish to support OpenID Connect: + +.. autoclass:: oauthlib.oauth2.RequestValidator + :members: validate_silent_authorization, validate_silent_login, validate_user_match, get_id_token |