Details
- Task
- Resolution: Out of scope
- P2: Important
Description
OpenID Connect (OIDC) is a flow used for authenticating users. This is distinct from authorization; the goal of authorization is to give permission to do something, whereas with authentication the goal is to identify the user reliably.
The task QTBUG-124334 is about adding some convenience support for acquiring the id_token, which can then mostly be treated as an opaque token for accessing web resources.
However, the OpenID Connect specification defines a broader set of features. This Jira item is a placeholder item for these features, and any discussion around them.
Current understanding on which features this might entail (a "base feature-set" if you will):
- JWT verification and data access
  - Decode JWT, verify signature, extract claims and expiration
  - Probably requires a new value class (QJsonWebToken), and maybe QOpenIDConnect for verification?
- JWT endpoint discovery
  - Probably requires a new Qt class (QOpenIDConnect?)
  - Retrieve endpoints and public keys required for JWT verification
- OIDC UserInfo support
  - Probably requires a new Qt class (QOpenIDConnect?)
There are many more features that might be useful as well:
- Encrypted token support (JWE)
- Session management (SSO shared between local applications)
- Dynamic client registration
- WebFinger (RFC 7033)
- Creating new JWTs in the Qt application
Issue Links
- clones: QTBUG-124334 [OAuth OIDC] Qt OAuth2 for OpenIDConnect id_token acquisition (Closed)