Up: Server endpoints


12.7 Identity provider

The (webid-oidc server endpoint identity-provider) module defines endpoints that are required for an identity provider.

Class: <oidc-discovery> (<endpoint>) configuration

Serve the OIDC configuration.

You can construct it with #:configuration.

Generic: configuration endpoint

Return the OIDC configuration served by endpoint.

Class: <authorization-endpoint> (<endpoint>) subject encrypted-password key-file

The authorization endpoint prompts the user for a password, and then grants an authorization code. It is defined for one particular user, whose webid is subject, and who knows the password. The authorization endpoint signs authorization codes with the key under key-file. If this file does not exist, a new key will be generated.

The constructor expects keyword arguments #:subject, #:encrypted-password and #:key-file.

Generic: subject authorization-endpoint

Return the webid of the user authorized by authorization-endpoint.

Generic: encrypted-password authorization-endpoint

Return the encrypted password used to authenticate the user at authorization-endpoint.

Generic: key-file authorization-endpoint

Return the file name where the key to sign authorization codes in authorization-endpoint is stored.

Class: <token-endpoint> (<endpoint>) issuer key-file

The token endpoint exchanges authorization codes or refresh tokens for new access tokens. The access token is signed with the key loaded from key-file, and the access token is bound to the issuer URI (host name).

You can construct a token endpoint with the #:issuer and #:key-file keyword arguments.

Generic: issuer token-endpoint

Return the issuer (URI with no path) that this token-endpoint operates for.

Generic: key-file token-endpoint

Return the file name where the key to sign access tokens in token-endpoint is stored.

Class: <jwks-endpoint> (<endpoint>) key-file

The JWKS endpoint returns the list of valid public keys used by the identity provider. For now, only the public part of the key under key-file is served.

You can construct one with the #:key-file keyword argument.

Class: <identity-provider> (<router>) oidc-discovery authorization-endpoint token-endpoint jwks-endpoint default

An identity provider is the sum of an OIDC discovery endpoint, an authorization endpoint, a token endpoint and a JWKS endpoint, plus a default endpoint that receives all requests not handled by the identity provider.

You can construct one with the following keyword arguments: #:authorization-endpoint, #:token-endpoint, #:jwks-endpoint and #:default.

Generic: oidc-discovery identity-provider

Return the OIDC discovery endpoint of the identity-provider.

Generic: authorization-endpoint identity-provider

Return the authorization endpoint of the identity-provider.

Generic: token-endpoint identity-provider

Return the token endpoint of the identity-provider.

Generic: jwks-endpoint identity-provider

Return the JWKS endpoint of the identity-provider.

Generic: default identity-provider

Return the endpoint where all requests that aren’t handled by any element of the identity-provider go.
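As an added example that is not part of the webid-oidc manual, the following Guile code wires the classes above into one identity provider and checks that the endpoints share a signing key. It assumes the classes are instantiated with GOOPS make using the keyword arguments documented here; oidc-configuration, default-endpoint, the issuer, the key-file path and the WEBID_OIDC_ENCRYPTED_PASSWORD variable are placeholders, since this page does not specify their types or values.

```scheme
;; Added example, not from the webid-oidc manual. Assumes the documented
;; classes are built with GOOPS `make` and the keywords listed above.
(use-modules (oop goops)
             (webid-oidc server endpoint identity-provider))

;; Placeholders for values this page does not specify.
(define oidc-configuration '())         ; OIDC configuration, in the shape the module expects
(define default-endpoint #f)            ; an <endpoint> answering everything else (e.g. 404)
(define issuer "https://idp.example")   ; issuer URI: scheme and host, no path
(define key-file "/var/lib/webid-oidc/key.jwk") ; constructed path; created if missing

;; One key file is shared on purpose: the token endpoint must verify the
;; authorization codes the authorization endpoint signed, and the JWKS
;; endpoint must publish the public half of the key that signs access tokens.
(define authorization
  (make <authorization-endpoint>
    #:subject "https://idp.example/alice#me"            ; the one user this IdP serves
    #:encrypted-password (getenv "WEBID_OIDC_ENCRYPTED_PASSWORD") ; keep it out of source
    #:key-file key-file))

(define token
  (make <token-endpoint> #:issuer issuer #:key-file key-file))

(define jwks
  (make <jwks-endpoint> #:key-file key-file))

(define idp
  (make <identity-provider>
    #:authorization-endpoint authorization
    #:token-endpoint token
    #:jwks-endpoint jwks
    #:default default-endpoint))

;; Deployment check: if the JWKS endpoint serves a different key than the
;; token endpoint signs with, relying parties cannot validate access tokens,
;; and the token endpoint cannot verify authorization codes.
(define (consistent-key-files? idp)
  (let ((k (key-file (token-endpoint idp))))
    (and (string=? k (key-file (jwks-endpoint idp)))
         (string=? k (key-file (authorization-endpoint idp))))))

(unless (consistent-key-files? idp)
  (error "identity provider endpoints do not share a signing key file"))

(display (issuer (token-endpoint idp))) (newline)
```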

