Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-127845

[OAuth OIDC][Placeholder] Support for base OIDC features

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Out of scope
    • Icon: P2: Important P2: Important
    • None
    • None
    • None

      OpenIDConnect (OIDC) is a flow used for authenticating users. This is distinct from authorization; the goal of authorization is to give a permission to do something, where as with authentication the goal is to identify the user reliably.

      The task QTBUG-124334 is about adding some convenience support for acquiring the id_token, which can then mostly be treated as an opaque token for accessing web resources.

      However, the OpenID Connect specification defines a more broad set of features. This Jira item is a placeholder item for these features, and any discussion around them.

      Current understanding on which features this might entail (a "base feature-set" if you will):

      • JWT verification and data access
        • Decode JWT, verify signature, extract claims and expiration
        • Probably requires a new value class (QJsonWebToken), and maybe QOpenIDConnect for verification?
      • JWT endpoint discovery
        • Probably requires a new Qt class (QOpenIDConnect?)
        • Retrieve endpoints and public keys required for JWT verification
      • OIDC UserInfo support
        • Probably requires a new Qt class (QOpenIDConnect?)

      There are many more features that might be useful as well:

      • Encrypted token support (JWE)
      • Session management (SSO shared between local applications)
      • Dynamic client registration
      • WebFinger (RFC 7033)
      • Creating new JWTs in the Qt application

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            vuokko Juha Vuolle
            vuokko Juha Vuolle
            Vladimir Minenko Vladimir Minenko
            Alex Blasche Alex Blasche
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved:

                There are no open Gerrit changes