Skip to Content

Changes for page org.clazzes.login.oauth

Last modified by wolfgang_glas@iteg_at on 2017-10-13 09.40:35
From version 4.1
edited by wolfgang_glas@iteg_at
on 2017-10-13 09.25:09
Change comment: There is no comment for this version
To version 3.1
edited by wolfgang_glas@iteg_at
on 2017-05-31 07.46:14
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -1,194 +1,9 @@
1 1  The OAuth login module is a planned login facility providing access to third party OAuth-2.0 and OpenID/Connect Services.
2 2  
3 -The login service might also be configured to accept access tokens of issued to third parties by an authorization provider.
3 +For OpenID/Connect authorization providers we may also act as a resource provider, which validates ID tokens presented by external clients.
4 4  
5 -= {{id name="org.clazzes.login.oauth-Configuration"/}}Configuration =
5 +== {{id name="org.clazzes.login.oauth-FurtherReadings"/}}Further Readings ==
6 6  
7 -The org.clazzes.login.oauth HttpLoginService is configured by the standard OSGi configuration service using the properties mentioned below:
8 -
9 -(% class="relative-table" style="width: 100.0%;" %)
10 -|=(% style="width: 23.6864%;" %)(((
11 -Property
12 -)))|=(% style="width: 76.3136%;" %)(((
13 -Description
14 -)))
15 -|(% style="width: 23.6864%;" %)(((
16 -sessionCookie
17 -)))|(% style="width: 76.3136%;" %)(((
18 -The name of the cookie to set in user agents.
19 -)))
20 -|(% style="width: 23.6864%;" %)(((
21 -sessionTimeout
22 -)))|(% style="width: 76.3136%;" %)(((
23 -The timeout for cookie-based sessions in minutes. Sessions inactive for this time interval will be purged including all access/refresh/ID tokens requested from an OAuth/OpenID Provider.
24 -)))
25 -|(% style="width: 23.6864%;" %)(((
26 -secureCookie
27 -)))|(% style="width: 76.3136%;" %)(((
28 -The secure flag of the issued cookie. Set this value to true, if your are located behind an SSL-terminated ReverseProxy.
29 -)))
30 -|(% style="width: 23.6864%;" %)(((
31 -domain.<domain>.label
32 -)))|(% style="width: 76.3136%;" %)(((
33 -The mandatory human-readable label for the configured domain with identifier <domain>.
34 -)))
35 -|(% style="width: 23.6864%;" %)(((
36 -domain.<domain>.authorizationLocation
37 -)))|(% style="width: 76.3136%;" %)(((
38 -The OAuth2 authorization endpoint URL. This value does not need to be set for full-featured OpenID Providers, where this value is fetched from the specified configurationLocation
39 -)))
40 -|(% style="width: 23.6864%;" %)(((
41 -domain.<domain>.tokenLocation
42 -)))|(% style="width: 76.3136%;" %)(((
43 -The OAuth2 token endpoint URL. This value does not need to be set for full-featured OpenID Providers, where this value is fetched from the specified configurationLocation
44 -)))
45 -|(% style="width: 23.6864%;" %)(((
46 -domain.<domain>.userLocation
47 -)))|(% style="width: 76.3136%;" %)(((
48 -The optional OAuth2 userinfo endpoint URL. This value does not need to be set for full-featured OpenID Providers, where this value is fetched from the specified configurationLocation
49 -)))
50 -|(% style="width: 23.6864%;" %)(((
51 -domain.<domain>.configurationLocation
52 -)))|(% style="width: 76.3136%;" %)(((
53 -The well-known OpenID Connect configuration location.
54 -)))
55 -|(% style="width: 23.6864%;" %)(((
56 -domain.<domain>.faviconLocation
57 -)))|(% style="width: 76.3136%;" %)(((
58 -The optional favicon location for domain, which doe not have a /favicon.ico resource on the root of their authorization web host.
59 -)))
60 -|(% style="width: 23.6864%;" %)(((
61 -domain.<domain>.clientId
62 -)))|(% style="width: 76.3136%;" %)(((
63 -The client ID of our application as registered at the OAuth Provider.
64 -)))
65 -|(% style="width: 23.6864%;" %)(((
66 -domain.<domain>.clientPassword
67 -)))|(% style="width: 76.3136%;" %)(((
68 -The password for the client ID of our application as registered at the OAuth Provider.
69 -)))
70 -|(% style="width: 23.6864%;" %)(((
71 -domain.<domain>.scope
72 -)))|(% style="width: 76.3136%;" %)(((
73 -The mandatory scope to pass to the authorization endpoint.
74 -)))
75 -|(% style="width: 23.6864%;" %)(((
76 -domain.<domain>.prompt
77 -)))|(% style="width: 76.3136%;" %)(((
78 -The optional prompt value to pass to the authorization endpoint.
79 -)))
80 -|(% style="width: 23.6864%;" %)(((
81 -domain.<domain>.responseType
82 -)))|(% style="width: 76.3136%;" %)(((
83 -The optional response type to pass to the authorization endpoint.
84 -)))
85 -|(% style="width: 23.6864%;" %)(((
86 -domain.<domain>.options
87 -)))|(% style="width: 76.3136%;" %)(((
88 -Comma-separated list of options from the set
89 -
90 -* {{code language="none"}}lenientAccessTokenCheck{{/code}} - Used to by pass at_hash checks in issued ID tokens, need e.g. for microsoft providers.
91 -* {{code language="none"}}propagateLocale{{/code}} - Used to propagate the locale of the login iframe to the OAuth provider as the {{code language="none"}}locale{{/code}} URL parameter.
92 -)))
93 -
94 -= {{id name="org.clazzes.login.oauth-Examples"/}}Examples =
95 -
96 -== {{id name="org.clazzes.login.oauth-github.com"/}}github.com ==
97 -
98 -Github implements OAuth2 and is not a full-features OpenID Connect provider.
99 -
100 -|=(((
101 -Property
102 -)))|=(((
103 -Value
104 -)))
105 -|(((
106 -domain.GITHUB.authorizationLocation
107 -)))|(((
108 -(% class="nolink" %)http:~/~/github.com/login/oauth/authorize
109 -)))
110 -|(((
111 -domain.GITHUB.userLocation
112 -)))|(((
113 -(% class="nolink" %)https:~/~/api.github.com/user
114 -)))
115 -|(((
116 -domain.GITHUB.label
117 -)))|(((
118 -github.com
119 -)))
120 -|(((
121 -domain.GITHUB.clientId
122 -)))|(((
123 -Cleint ID a registered under 'Authorized OAuth Apps' [[https:~~/~~/github.com/settings/applications>>url:https://github.com/settings/applications||shape="rect"]]\\
124 -)))
125 -|(((
126 -domain.GITHUB.clientPassword
127 -)))|(((
128 -Password of the above mentioned client ID.\\
129 -)))
130 -|(((
131 -domain.GITHUB.tokenLocation
132 -)))|(((
133 -(% class="nolink" %)https:~/~/github.com/login/oauth/access_token
134 -)))
135 -|(((
136 -domain.GITHUB.scope
137 -)))|(((
138 -user
139 -)))
140 -
141 -\\
142 -
143 -== {{id name="org.clazzes.login.oauth-google.com"/}}google.com ==
144 -
145 -Google implements a clean OpenID Connect provider with no hazzles.
146 -
147 -|=(((
148 -Property
149 -)))|=(((
150 -Value
151 -)))
152 -|(((
153 -domain.GOOGLE.clientId
154 -)))|(((
155 -Client ID as registered under [[https:~~/~~/console.developers.google.com/apis/credentials>>url:https://console.developers.google.com/apis/credentials||shape="rect"]]\\
156 -)))
157 -|(((
158 -domain.GOOGLE.clientPassword
159 -)))|(((
160 -\\
161 -)))
162 -|(((
163 -domain.GOOGLE.configurationLocation
164 -)))|(((
165 -(% class="nolink" %)https:~/~/accounts.google.com/.well-known/openid-configuration
166 -)))
167 -|(((
168 -domain.GOOGLE.label
169 -)))|(((
170 -google.com
171 -)))
172 -|(((
173 -domain.GOOGLE.scope
174 -)))|(((
175 -openid profile email
176 -)))
177 -|(((
178 -domain.GOOGLE.accessType
179 -)))|(((
180 -offline
181 -)))
182 -|(((
183 -domain.GOOGLE.prompt
184 -)))|(((
185 -consent
186 -)))
187 -
188 -\\
189 -
190 -= {{id name="org.clazzes.login.oauth-FurtherReadings"/}}Further Readings =
191 -
192 192  OpenID 1.0 Specification: [[http:~~/~~/openid.net/specs/openid-connect-core-1_0.html>>url:http://openid.net/specs/openid-connect-core-1_0.html||shape="rect"]]
193 193  
194 194  Microsoft's implementation notes: [[https:~~/~~/docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-tokens>>url:https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-tokens||shape="rect"]]
... ... @@ -203,7 +203,7 @@
203 203  
204 204  IANA registry of JSON Web Token Claims: [[https:~~/~~/www.iana.org/assignments/jwt/jwt.xhtml>>url:https://www.iana.org/assignments/jwt/jwt.xhtml||shape="rect"]]
205 205  
206 -= {{id name="org.clazzes.login.oauth-RFCs"/}}RFCs =
21 +== {{id name="org.clazzes.login.oauth-RFCs"/}}RFCs ==
207 207  
208 208  RFC 7515, (% style="color: rgb(0,0,0);" %)JSON Web Signature (JWS), [[https:~~/~~/tools.ietf.org/html/rfc7515>>url:https://tools.ietf.org/html/rfc7515||shape="rect"]]
209 209  
Confluence.Code.ConfluencePageClass[0]
Id
... ... @@ -1,1 +1,1 @@
1 -688789
1 +688788
URL
... ... @@ -1,1 +1,1 @@
1 -https://clazzes.atlassian.net/wiki/spaces/LOGIN/pages/688789/org.clazzes.login.oauth
1 +https://clazzes.atlassian.net/wiki/spaces/LOGIN/pages/688788/org.clazzes.login.oauth