Skip to content

Changes

Page history
Update authentication authored by Calum Mackervoy's avatar Calum Mackervoy
Show whitespace changes
Inline Side-by-side
guides/authentication.md
View page @ 8055a114
...@@ -17,10 +17,6 @@ The underpinning technology for DjangoLDP-Account is the OpenID Connect (OIDC) w ...@@ -17,10 +17,6 @@ The underpinning technology for DjangoLDP-Account is the OpenID Connect (OIDC) w
* [Implementation in PyOIDC, used by DjangoLDP-Account](https://pyoidc.readthedocs.io/en/latest/examples/rp.html) * [Implementation in PyOIDC, used by DjangoLDP-Account](https://pyoidc.readthedocs.io/en/latest/examples/rp.html)
* [Example Workflow](https://github.com/solid/webid-oidc-spec/blob/master/example-workflow.md) * [Example Workflow](https://github.com/solid/webid-oidc-spec/blob/master/example-workflow.md)
## The OIDC Provider (OP)
This section is TODO
## The Relying Party (RP) ## The Relying Party (RP)
### Login ### Login
...@@ -40,3 +36,9 @@ DjangoLDP-Account defines a view `RPLoginView`, and provides a url for this view ...@@ -40,3 +36,9 @@ DjangoLDP-Account defines a view `RPLoginView`, and provides a url for this view
The key function is `op_login_url`, which resolves the URL with which to make the authentication request. Login can be completed by providing a URL to the provider, or by providing an email or WebFinger ID. In the latter two cases, provider-discovery will be necessary (see 2.1 of the [Example Workflow](https://github.com/solid/webid-oidc-spec/blob/master/example-workflow.md)) The key function is `op_login_url`, which resolves the URL with which to make the authentication request. Login can be completed by providing a URL to the provider, or by providing an email or WebFinger ID. In the latter two cases, provider-discovery will be necessary (see 2.1 of the [Example Workflow](https://github.com/solid/webid-oidc-spec/blob/master/example-workflow.md))
`op_login_url` configures the callback redirect to the view `RPLoginCallBackView`, which uses another class defined in `rp_login.py`, `RPLoginCallBackEndpoint`, calling the `initial_url()` function when it receives the request. Here resides the logic to perform the login `op_login_url` configures the callback redirect to the view `RPLoginCallBackView`, which uses another class defined in `rp_login.py`, `RPLoginCallBackEndpoint`, calling the `initial_url()` function when it receives the request. Here resides the logic to perform the login
## The OIDC Provider (OP)
During issuer discovery, the RP uses the host from the webID (e.g. `example.com` in the webID `alice@example.com`) and queries it with the resource `https://example.com/.well-known/webfinger?resource=acct%3Aalice%40example.com&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer`
In DjangoLDP this URL, and the OIDC provider functionality is fulfilled by an external library, [django-oidc-provider](https://django-oidc-provider.readthedocs.io/en/latest/)
\ No newline at end of file