The (webid-oidc server endpoint identity-provider) module defines endpoints that are required for an identity provider.
Serve the OIDC configuration.
You can construct it with
Return the OIDC configuration served by endpoint.
The authorization endpoint prompts the user for a password, and then grants an authorization code. It is defined for one particular user, whose webid is subject, and who knows the password. The authorization endpoint signs authorization codes with the key under key-file. If this file does not exist, a new key will be generated.
The constructor expects keyword arguments
Return the webid of the user authorized by authorization-endpoint.
Return the encrypted password used to authenticate the user at authorization-endpoint.
Return the file name where the key to sign authorization codes in authorization-endpoint is stored.
The token endpoint exchanges authorization codes or refresh tokens for new access tokens. The access token is signed with the key loaded from key-file, and the access token is bound to the issuer URI (host name).
You can construct a token endpoint with the
#:key-file keyword arguments.
Return the issuer (URI with no path) that this token-endpoint operates for.
Return the file name where the key to sign access tokens in token-endpoint is stored.
The JWKS endpoint returns the list of valid public keys used by the identity provider. For now, only the public part of the key under key-file is served.
You can construct one with the
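The JWKS endpoint must publish only the public part of the signing key. The following is an added example in Python, not the project's Guile code: it strips the private members from a JWK before building the JWKS document and audits a served document for leaked private material. The function names and the sample key are assumptions made for illustration.

```python
import json

# Private members by key type ("kty"): RFC 7518 for RSA and EC, RFC 8037 for OKP.
PRIVATE_MEMBERS = {
    "RSA": {"d", "p", "q", "dp", "dq", "qi", "oth"},
    "EC": {"d"},
    "OKP": {"d"},
}


def public_jwk(jwk):
    """Return a copy of jwk with every private member removed."""
    kty = jwk.get("kty")
    if kty == "oct":
        # A symmetric key has no public part and must never be published.
        raise ValueError("symmetric key cannot be served in a JWKS")
    if kty not in PRIVATE_MEMBERS:
        raise ValueError(f"unsupported key type: {kty!r}")
    return {k: v for k, v in jwk.items() if k not in PRIVATE_MEMBERS[kty]}


def jwks_document(private_keys):
    """Build the JSON body a JWKS endpoint would serve."""
    return json.dumps({"keys": [public_jwk(k) for k in private_keys]})


def leaked_private_members(jwks_json):
    """Audit a served JWKS: list (index, member) pairs exposing private material."""
    leaks = []
    for i, key in enumerate(json.loads(jwks_json).get("keys", [])):
        kty = key.get("kty")
        if kty == "oct":
            leaks.append((i, "k"))
            continue
        found = PRIVATE_MEMBERS.get(kty, set()).intersection(key)
        leaks.extend((i, member) for member in sorted(found))
    return leaks


# Constructed sample key: the values are placeholders, not a usable key.
SAMPLE_KEY = {"kty": "EC", "crv": "P-256", "alg": "ES256",
              "x": "constructed-x", "y": "constructed-y", "d": "constructed-d"}

if __name__ == "__main__":
    print(jwks_document([SAMPLE_KEY]))
    print(leaked_private_members(json.dumps({"keys": [SAMPLE_KEY]})))
```
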
An identity provider is the sum of an OIDC discovery endpoint, an authorization-endpoint, a token-endpoint and a jwks-endpoint, and a default endpoint that gets all the requests that aren’t handled by the identity provider.
You can construct one with the following keyword arguments:
Return the OIDC discovery endpoint of the identity-provider.
Return the authorization endpoint of the identity-provider.
Return the token endpoint of the identity-provider.
Return the JWKS endpoint of the identity-provider.
Return the endpoint where all requests that aren’t handled by any element of the identity-provider go.