Login endpoint
Needed for #3 (closed)
Pyoidc repo : https://github.com/OpenIDC/pyoidc
- Fork django-oidc and add the dynamic registration endpoint: https://github.com/wayward710/django-oidc-provider/commit/76ee45b6fb56ffcdf8bf72f6112e0c41de7958cc

Endpoints

/openid/login
- Receive the OP (like paris.happy-dev.fr) from the GET request
- Make a provider discovery request and save the metadata
- Check if the provider is known (use the clientId-OP table)
  - If the provider is unknown, make a dynamic client registration request (see pyoidc) (not implemented in django-oidc: https://github.com/juanifioren/django-oidc-provider/issues/59)
  - If the provider is known, get the POD client id (see pyoidc)
- Make an auth request to the identity provider

/openid/login/callback
- Get the authorization code, then request the access token
- Decode the id token and get the identity provider from it
- Validate the id token:
  - Check the id token signature with the identity provider's public key (obtained from the metadata)
  - Check that the token has not expired
- Confirm the provider: the origin of the WebID URI is the same as the origin of the URI in the issuer claim
- Respond with a session cookie
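The claim checks from the callback step (expiry, audience, and the WebID-origin-equals-issuer-origin confirmation), as an added example that is not code from this issue, pyoidc or django-oidc. It assumes the signature has already been verified against the provider's JWKS from the discovery metadata, and that the WebID is carried in the token's `webid` (or `sub`) claim; `make_sample_token` only builds constructed, unsigned test tokens.

```python
import base64
import json
import time
from typing import Optional
from urllib.parse import urlsplit


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def make_sample_token(claims: dict) -> str:
    # Constructed test token: real header/payload layout, dummy signature.
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.{_b64url_encode(b'dummy-signature')}"


def origin_of(uri: str) -> str:
    # Origin = scheme + host + port; path, query and fragment are ignored.
    parts = urlsplit(uri)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return f"{parts.scheme}://{parts.hostname}:{port}".lower()


def validate_id_token_claims(id_token: str, client_id: str,
                             now: Optional[float] = None, leeway: int = 60) -> dict:
    """Return the claims if they pass the checks, else raise ValueError.
    Assumption: the signature was already verified with the provider's JWKS."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("id_token is not a three-part JWT")
    claims = json.loads(_b64url_decode(parts[1]))
    now = time.time() if now is None else now
    # exp: reject expired tokens, allowing a little clock skew.
    if claims.get("exp", 0) + leeway < now:
        raise ValueError("id_token expired")
    # aud: the token must be issued to this client (string or list).
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("id_token audience does not include this client")
    # Provider confirmation: the WebID must be hosted at the issuer's origin,
    # otherwise any provider could mint tokens for someone else's WebID.
    webid = claims.get("webid") or claims.get("sub", "")
    if origin_of(webid) != origin_of(claims.get("iss", "")):
        raise ValueError("WebID origin does not match issuer origin")
    return claims
```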
/openid/logout
- Make a logout request to the identity provider

/openid/logout/callback
- End the session