Tuesday, 6 August 2019

What Is OpenID Connect - It Performs Authentication

Introduction
The explanation goes like this. While OAuth 2 performs authorization, OpenID Connect performs authentication.
So if OAuth is only authorization, then how about the identity, where it comes from?

This is the other half of the puzzle. OpenID connect complements OAuth 2.0 with authentication (
The explanation goes like this. It is a layer on top of the OAuth 2.0 protocol and exposes RESTful HTTP API services.
OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner. OpenID Connect allows clients of all types, including Web-based, mobile, and JavaScript clients, to request and receive information about authenticated sessions and end-users. The specification suite is extensible, allowing participants to use optional features such as encryption of identity data, discovery of OpenID Providers, and session management, when it makes sense for them.
Token Types
The explanation goes like this
As mentioned before, OIDC is a simple identity layer on top of the OAuth 2.0 protocol, so it extends OAuth2.

With OIDC, an application can receive an identity token (next to the access token) if it needs one. This identity token can then be used to sign in to an application, while the same application uses the access token to access an API.
So the number of token types rose to 3. They are as follows
1. ID Token
2. ACCESS Token
3. Refresh Token

OAuth Endpoints
The explanation goes like this
These endpoints are required by the standard (when we use IdentityServer4, those are automatically set up for us):

/authorize
New Access-Token request (certain flows, i.e., different ways).

/token
Can be used in the following cases:

- New Access-Token request (Certain flows).
- Refresh Access-Token.
- Trade Authorization-Code for an Access-Token.

/revocation
Revoke an Access or Refresh-Token.
OpenID Endpoints
The explanation goes like this
/UserInfo
/CheckSession
/endSession
/.well-known/openid-configuration (list endpoints and configs)
/.well-known/jwks (lists info about JWT signing keys; used for token validation)
