Changes for page org.clazzes.login.oauth
Last modified by wolfgang_glas@iteg_at on 2017-10-13 09.40:35
From version 3.1
edited by wolfgang_glas@iteg_at
on 2017-05-31 07.46:14
Change comment:
There is no comment for this version
To version 4.1
edited by wolfgang_glas@iteg_at
on 2017-10-13 09.25:09
Change comment:
There is no comment for this version
Summary
-
Page properties (1 modified, 0 added, 0 removed)
-
Objects (1 modified, 0 added, 0 removed)
Details
- Page properties
-
- Content
-
... ... 
@@ -1,9 +1,194 @@ 1 1 The OAuth login module is a planned login facility providing access to third party OAuth-2.0 and OpenID/Connect Services. 2 2 3 - For OpenID/Connectauthorizationproviderswemayalsoact as a resourceprovider,whichvalidatesIDtokenspresented byexternalclients.3 +The login service might also be configured to accept access tokens of issued to third parties by an authorization provider. 4 4 5 -= ={{id name="org.clazzes.login.oauth-FurtherReadings"/}}Further Readings==5 += {{id name="org.clazzes.login.oauth-Configuration"/}}Configuration = 6 6 7 +The org.clazzes.login.oauth HttpLoginService is configured by the standard OSGi configuration service using the properties mentioned below: 8 + 9 +(% class="relative-table" style="width: 100.0%;" %) 10 +|=(% style="width: 23.6864%;" %)((( 11 +Property 12 +)))|=(% style="width: 76.3136%;" %)((( 13 +Description 14 +))) 15 +|(% style="width: 23.6864%;" %)((( 16 +sessionCookie 17 +)))|(% style="width: 76.3136%;" %)((( 18 +The name of the cookie to set in user agents. 19 +))) 20 +|(% style="width: 23.6864%;" %)((( 21 +sessionTimeout 22 +)))|(% style="width: 76.3136%;" %)((( 23 +The timeout for cookie-based sessions in minutes. Sessions inactive for this time interval will be purged including all access/refresh/ID tokens requested from an OAuth/OpenID Provider. 24 +))) 25 +|(% style="width: 23.6864%;" %)((( 26 +secureCookie 27 +)))|(% style="width: 76.3136%;" %)((( 28 +The secure flag of the issued cookie. Set this value to true, if your are located behind an SSL-terminated ReverseProxy. 29 +))) 30 +|(% style="width: 23.6864%;" %)((( 31 +domain.<domain>.label 32 +)))|(% style="width: 76.3136%;" %)((( 33 +The mandatory human-readable label for the configured domain with identifier <domain>. 34 +))) 35 +|(% style="width: 23.6864%;" %)((( 36 +domain.<domain>.authorizationLocation 37 +)))|(% style="width: 76.3136%;" %)((( 38 +The OAuth2 authorization endpoint URL. 
This value does not need to be set for full-featured OpenID Providers, where this value is fetched from the specified configurationLocation 39 +))) 40 +|(% style="width: 23.6864%;" %)((( 41 +domain.<domain>.tokenLocation 42 +)))|(% style="width: 76.3136%;" %)((( 43 +The OAuth2 token endpoint URL. This value does not need to be set for full-featured OpenID Providers, where this value is fetched from the specified configurationLocation 44 +))) 45 +|(% style="width: 23.6864%;" %)((( 46 +domain.<domain>.userLocation 47 +)))|(% style="width: 76.3136%;" %)((( 48 +The optional OAuth2 userinfo endpoint URL. This value does not need to be set for full-featured OpenID Providers, where this value is fetched from the specified configurationLocation 49 +))) 50 +|(% style="width: 23.6864%;" %)((( 51 +domain.<domain>.configurationLocation 52 +)))|(% style="width: 76.3136%;" %)((( 53 +The well-known OpenID Connect configuration location. 54 +))) 55 +|(% style="width: 23.6864%;" %)((( 56 +domain.<domain>.faviconLocation 57 +)))|(% style="width: 76.3136%;" %)((( 58 +The optional favicon location for domain, which doe not have a /favicon.ico resource on the root of their authorization web host. 59 +))) 60 +|(% style="width: 23.6864%;" %)((( 61 +domain.<domain>.clientId 62 +)))|(% style="width: 76.3136%;" %)((( 63 +The client ID of our application as registered at the OAuth Provider. 64 +))) 65 +|(% style="width: 23.6864%;" %)((( 66 +domain.<domain>.clientPassword 67 +)))|(% style="width: 76.3136%;" %)((( 68 +The password for the client ID of our application as registered at the OAuth Provider. 69 +))) 70 +|(% style="width: 23.6864%;" %)((( 71 +domain.<domain>.scope 72 +)))|(% style="width: 76.3136%;" %)((( 73 +The mandatory scope to pass to the authorization endpoint. 74 +))) 75 +|(% style="width: 23.6864%;" %)((( 76 +domain.<domain>.prompt 77 +)))|(% style="width: 76.3136%;" %)((( 78 +The optional prompt value to pass to the authorization endpoint. 
79 +))) 80 +|(% style="width: 23.6864%;" %)((( 81 +domain.<domain>.responseType 82 +)))|(% style="width: 76.3136%;" %)((( 83 +The optional response type to pass to the authorization endpoint. 84 +))) 85 +|(% style="width: 23.6864%;" %)((( 86 +domain.<domain>.options 87 +)))|(% style="width: 76.3136%;" %)((( 88 +Comma-separated list of options from the set 89 + 90 +* {{code language="none"}}lenientAccessTokenCheck{{/code}} - Used to by pass at_hash checks in issued ID tokens, need e.g. for microsoft providers. 91 +* {{code language="none"}}propagateLocale{{/code}} - Used to propagate the locale of the login iframe to the OAuth provider as the {{code language="none"}}locale{{/code}} URL parameter. 92 +))) 93 + 94 += {{id name="org.clazzes.login.oauth-Examples"/}}Examples = 95 + 96 +== {{id name="org.clazzes.login.oauth-github.com"/}}github.com == 97 + 98 +Github implements OAuth2 and is not a full-features OpenID Connect provider. 99 + 100 +|=((( 101 +Property 102 +)))|=((( 103 +Value 104 +))) 105 +|((( 106 +domain.GITHUB.authorizationLocation 107 +)))|((( 108 +(% class="nolink" %)http:~/~/github.com/login/oauth/authorize 109 +))) 110 +|((( 111 +domain.GITHUB.userLocation 112 +)))|((( 113 +(% class="nolink" %)https:~/~/api.github.com/user 114 +))) 115 +|((( 116 +domain.GITHUB.label 117 +)))|((( 118 +github.com 119 +))) 120 +|((( 121 +domain.GITHUB.clientId 122 +)))|((( 123 +Cleint ID a registered under 'Authorized OAuth Apps' [[https:~~/~~/github.com/settings/applications>>url:https://github.com/settings/applications||shape="rect"]]\\ 124 +))) 125 +|((( 126 +domain.GITHUB.clientPassword 127 +)))|((( 128 +Password of the above mentioned client ID.\\ 129 +))) 130 +|((( 131 +domain.GITHUB.tokenLocation 132 +)))|((( 133 +(% class="nolink" %)https:~/~/github.com/login/oauth/access_token 134 +))) 135 +|((( 136 +domain.GITHUB.scope 137 +)))|((( 138 +user 139 +))) 140 + 141 +\\ 142 + 143 +== {{id name="org.clazzes.login.oauth-google.com"/}}google.com == 144 + 145 +Google 
implements a clean OpenID Connect provider with no hazzles. 146 + 147 +|=((( 148 +Property 149 +)))|=((( 150 +Value 151 +))) 152 +|((( 153 +domain.GOOGLE.clientId 154 +)))|((( 155 +Client ID as registered under [[https:~~/~~/console.developers.google.com/apis/credentials>>url:https://console.developers.google.com/apis/credentials||shape="rect"]]\\ 156 +))) 157 +|((( 158 +domain.GOOGLE.clientPassword 159 +)))|((( 160 +\\ 161 +))) 162 +|((( 163 +domain.GOOGLE.configurationLocation 164 +)))|((( 165 +(% class="nolink" %)https:~/~/accounts.google.com/.well-known/openid-configuration 166 +))) 167 +|((( 168 +domain.GOOGLE.label 169 +)))|((( 170 +google.com 171 +))) 172 +|((( 173 +domain.GOOGLE.scope 174 +)))|((( 175 +openid profile email 176 +))) 177 +|((( 178 +domain.GOOGLE.accessType 179 +)))|((( 180 +offline 181 +))) 182 +|((( 183 +domain.GOOGLE.prompt 184 +)))|((( 185 +consent 186 +))) 187 + 188 +\\ 189 + 190 += {{id name="org.clazzes.login.oauth-FurtherReadings"/}}Further Readings = 191 + 7 7 OpenID 1.0 Specification: [[http:~~/~~/openid.net/specs/openid-connect-core-1_0.html>>url:http://openid.net/specs/openid-connect-core-1_0.html||shape="rect"]] 8 8 9 9 Microsoft's implementation notes: [[https:~~/~~/docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-tokens>>url:https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-tokens||shape="rect"]] ... ... @@ -18,7 +18,7 @@ 18 18 19 19 IANA registry of JSON Web Token Claims: [[https:~~/~~/www.iana.org/assignments/jwt/jwt.xhtml>>url:https://www.iana.org/assignments/jwt/jwt.xhtml||shape="rect"]] 20 20 21 -= ={{id name="org.clazzes.login.oauth-RFCs"/}}RFCs ==206 += {{id name="org.clazzes.login.oauth-RFCs"/}}RFCs = 22 22 23 23 RFC 7515, (% style="color: rgb(0,0,0);" %)JSON Web Signature (JWS), [[https:~~/~~/tools.ietf.org/html/rfc7515>>url:https://tools.ietf.org/html/rfc7515||shape="rect"]] 24 24
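Review bot: In the github.com example table, domain.GITHUB.authorizationLocation is given with an http:// URL (github.com/login/oauth/authorize) while tokenLocation and userLocation in the same table use https; the authorization endpoint should be https as well, so the documented example does not send the authorization request over cleartext HTTP. The google.com example sets domain.GOOGLE.accessType, which has no row in the Configuration table; add a row for domain.<domain>.accessType or drop it from the example, and fill in or explain the empty domain.GOOGLE.clientPassword value. The lenientAccessTokenCheck entry ("Used to by pass at_hash checks in issued ID tokens") should state what is given up when the check is skipped, namely that the access token is no longer verified against the ID token it was issued with, so readers enable it only for providers that need it. The added lines also need a wording pass: "access tokens of issued to third parties", "if your are located", "which doe not have", "full-features", "Cleint ID a registered", "hazzles".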
- Confluence.Code.ConfluencePageClass[0]
-
- Id
-
... ... @@ -1,1 +1,1 @@ 1 -68878 81 +688789 - URL
-
... ... @@ -1,1 +1,1 @@ 1 -https://clazzes.atlassian.net/wiki/spaces/LOGIN/pages/68878 8/org.clazzes.login.oauth1 +https://clazzes.atlassian.net/wiki/spaces/LOGIN/pages/688789/org.clazzes.login.oauth