An OpenID Connect library that does all the heavy lifting for you

pjones/openid-connect

Latest commit: ba79268 · Nov 28, 2023

History

42 Commits
Feb 17, 2023
May 24, 2021
Feb 17, 2023
Nov 28, 2023
May 26, 2022
May 26, 2022
Feb 17, 2023
Feb 17, 2023
May 24, 2021
May 26, 2022
Feb 17, 2023
Feb 17, 2023
Feb 17, 2023

Repository files navigation

tests

OpenID Connect 1.0 in Haskell

An OpenID Connect 1.0 compliant library written in Haskell.

The primary goals of this package are security and usability.

Client Features

This library mostly focuses on the client side of the OpenID Connect protocol.

Supported flows:

  • Authorization Code (see OpenID.Connect.Client.Flow.AuthorizationCode) (§3.1)
  • Implicit (partial implementation, patches welcome) (§3.2)
  • Hybrid (partial implementation, patches welcome) (§3.3)

Significant features:

  • ID Token validation via the jose library (§2)
  • Additional OIDC claim validation (e.g., nonce, azp) (§2)
  • Full support for all defined forms of client authentication (§9)
  • Handles session cookie generation and validation (§3.1.2.1, §15.5.2)
  • Dynamic Client Registration 1.0.
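
The claim checks named in the list above (nonce, azp), written out as an added example; this is not code from this package and does not use its API. It follows the ID Token validation rules of OpenID Connect Core §3.1.3.7, assumes the signature has already been verified (the step the library hands to jose), and treats the SHOULD-level azp rules as hard failures. `Claims`, `Expected` and `validateClaims` are hypothetical names, and the values in `main` are constructed.

```haskell
-- Added illustration; Claims, Expected and validateClaims are hypothetical
-- names, not part of the openid-connect package.
import Data.Maybe (isNothing)

-- Claims taken from an ID Token whose signature has already been verified.
data Claims = Claims
  { iss   :: String
  , aud   :: [String]
  , azp   :: Maybe String
  , nonce :: Maybe String
  , expAt :: Integer          -- the "exp" claim, seconds since the epoch
  }

-- What the client knows from its own configuration and session state.
data Expected = Expected
  { issuer    :: String
  , clientId  :: String
  , sentNonce :: Maybe String -- nonce sent in the authentication request
  , now       :: Integer
  }

-- Returns the list of failed checks; an empty list means the claims pass.
validateClaims :: Expected -> Claims -> [String]
validateClaims e c = [msg | (failed, msg) <- checks, failed]
  where
    checks =
      [ (iss c /= issuer e, "iss does not match the provider")
      , (clientId e `notElem` aud c, "aud does not contain our client_id")
      , (length (aud c) > 1 && isNothing (azp c), "multiple audiences but no azp")
      , (maybe False (/= clientId e) (azp c), "azp names a different client")
      , (now e >= expAt c, "token has expired")
      , (nonceMismatch, "nonce missing or different")
      ]
    -- A nonce we sent must come back unchanged; this binds the token to
    -- the browser session that started the flow.
    nonceMismatch = case sentNonce e of
      Nothing -> False
      sent    -> nonce c /= sent

main :: IO ()
main = do
  -- Constructed sample values: one token that passes, one that does not.
  let e    = Expected "https://op.example" "client-1" (Just "n-0S6") 1000
      good = Claims "https://op.example" ["client-1"] Nothing (Just "n-0S6") 2000
      bad  = good { aud = ["client-1", "other"], nonce = Just "replayed" }
  print (validateClaims e good)
  print (validateClaims e bad)
```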

Provider Features

Some utility types and functions are available to assist in the writing of an OIDC Provider:

  • Discovery document (OpenID Connect Discovery 1.0 §3)
  • Key generation (simple wrapper around jose)

Certification Status

We plan on fully certifying this implementation using the following profiles:

  • Basic Relying Party
  • Implicit Relying Party
  • Hybrid Relying Party
  • Relying Party Using Configuration Information
  • Dynamic Relying Party
  • Form Post Relying Party

Specifications and RFCs