OIDC Multiserver
WebID-OIDC Detailed Sign In Workflow
```mermaid
sequenceDiagram
participant User as Resource owner
participant Client
participant Auth as Auth provider
participant Data as Resource server
User->>Client: Hit a route
Client->>Data: Make a request
Data->>Client: Unauthorized
opt If no provider set
Client->>User: Select an auth provider
end
Client->>Data: Auth provider selected
Data->>Auth: Provider discovery
Auth->>Data: Provider metadata (a)
opt If resource server is not registered
Data->>Auth: Dynamic client registration
Auth->>Data: Provide a client_id
end
Data->>Auth: Make an authorization request
Auth->>User: Redirect to Auth page
Note over User,Auth: A session cookie can be set to avoid login
User->>Auth: Login & consent
Auth->>Data: Send an Authorization code
Data->>Auth: Request access token
Auth->>Data: Provide Access token & ID Token
Data->>Data: Verify the ID token signature (b)
Data->>Data: Provider confirmation - ex: the WebID IRI shares the iss IRI (c)
Note over Client,Data: A session cookie can be set here
Data->>Client: Provide Access token & ID Token
Client->>Data: Make request
Data->>Data: Validate (a?, b, c)
Data->>Client: Send data
```
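The provider confirmation step (c) above is the check that stops an arbitrary issuer from asserting someone else's WebID. The following is an added example, not code from djangoldp-account or sib-oidc; it assumes the ID token signature was already verified in step (b), that "shares the iss IRI" means the WebID and `iss` have the same origin (scheme, host, port), and that the WebID is carried in a `webid` claim with `sub` as fallback.

```python
"""Provider confirmation (step c) for a WebID-OIDC ID token.

Added example, not djangoldp-account or sib-oidc code. Assumes the token's
signature has already been verified (step b) and its payload decoded to a dict.
"""
import time
from typing import Optional
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}


def origin(iri: str) -> str:
    """Reduce an absolute http(s) IRI to its origin: scheme://host[:port]."""
    parts = urlsplit(iri)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an absolute http(s) IRI: {iri!r}")
    port = ""
    if parts.port and parts.port != DEFAULT_PORTS[parts.scheme]:
        port = f":{parts.port}"
    return f"{parts.scheme}://{parts.hostname}{port}"


def confirm_provider(claims: dict, client_id: str, now: Optional[float] = None) -> str:
    """Return the confirmed WebID IRI, or raise ValueError.

    Checks that the token is unexpired, was issued to this client_id, and that
    the WebID IRI (webid claim, else sub) shares its origin with iss, so an
    issuer can only vouch for WebIDs it actually hosts.
    """
    now = time.time() if now is None else now
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("ID token missing exp or expired")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("ID token not issued to this client_id")
    webid, iss = claims.get("webid") or claims.get("sub"), claims.get("iss")
    if not webid or not iss:
        raise ValueError("ID token missing webid/sub or iss")
    if origin(webid) != origin(iss):
        raise ValueError(f"issuer {iss} does not host WebID {webid}")
    return webid


# Constructed sample payloads (not real tokens): one consistent, one where a
# foreign issuer asserts a WebID it does not host.
GOOD_CLAIMS = {"iss": "https://idp.example", "aud": "client-42",
               "webid": "https://idp.example/alice/profile#me", "exp": 1_800_000_000}
BAD_CLAIMS = dict(GOOD_CLAIMS, iss="https://other-idp.example")
```

The same function serves the per-request validation at the end of the diagram, since the resource server re-checks (b) and (c) on every request rather than only at sign-in.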
Todo:

- https://git.happy-dev.fr/startinblox/djangoldp-packages/djangoldp-account/issues/4
- https://git.happy-dev.fr/startinblox/djangoldp-packages/djangoldp-account/issues/11
- make the Solid auth demo work on our server (https://github.com/solid/solid-auth-client#demo-app)
- create an issue to make sib-oidc work with solid-auth-client (https://github.com/solid/solid-auth-client)
- finish this issue: https://git.happy-dev.fr/startinblox/framework/sib-oidc/issues/14