sling-dev mailing list archives

From Hasini Witharana <hasinidila...@gmail.com>
Subject Re: [Dev][GSOC2018] Project Idea : Provide an OpenID Connect Authentication Handler
Date Sun, 25 Mar 2018 22:05:21 GMT
Hi all,

Below [1] is the proposal for the project "OpenID Connect
authentication handler for Apache Sling". Please review and give your
comments.

[1] -
https://docs.google.com/document/d/1ki_mv_ngtMFsP2cqZkVfZfAYLAYle6M5Srs0WsgHXEs/edit?usp=sharing

Thank you.

On Fri, Mar 23, 2018 at 10:38 PM, Hasini Witharana <hasinidilanka@gmail.com>
wrote:

> Hi Robert,
>
>> what would we lose in terms of functionality if we don't implement
>> the Hybrid flow?
>
> In the Hybrid flow, we will be able to issue tokens separately for the front
> channel and the back channel.
>
>> how much additional effort is it to implement Hybrid flow?
>
> Hybrid flow is the combination of the two flows, and for the Hybrid flow
> there is a new variable, "c_hash". To implement the Hybrid flow we need
> to combine the flows and implement the "c_hash" value.
>
> Can you please direct me to the Apache Sling repository for the OAuth 2.0
> implementation?
>
> Thank you.
>
> On Fri, Mar 23, 2018 at 4:03 PM, Robert Munteanu <rombert@apache.org>
> wrote:
>
>> Hi Hasini,
>>
>> Thank you for the idea submission and for the description. Some more
>> comments inline.
>>
>> On Thu, 2018-03-22 at 18:21 +0530, Hasini Witharana wrote:
>> > Hi all,
>> >
>> > I am an undergraduate from the University of Moratuwa, Computer Science
>> > and Engineering department. I am interested in the $subject project idea.
>> > I have worked with an OpenID Connect certification project previously.
>> >
>> > OpenID Connect (OIDC) is an authentication protocol based on the OAuth 2.0
>> > family of specifications. There are three main specifications [1][2][3]
>> > written for OIDC. Since the project goal is to create an OIDC authentication
>> > handler, we need to focus on specification [1].
>> >
>> > There are three main flows for the authentication process given in the
>> > specification [1].
>> >
>> >    1. *Authentication code flow* *(Basic)* - This flow will first issue a
>> >    code at the authorization endpoint, and that code can be used to issue
>> >    an access token and id_token from the token endpoint. In this flow the
>> >    client secret is shared to recognize the relying party, so this flow can
>> >    be used for applications that have a secure server-side application.
>> >    2. *Implicit flow* - This flow will not issue a code, but it will issue
>> >    an access token and id_token from the authorization endpoint. In this
>> >    flow the client secret is not shared, so this flow is preferred for
>> >    single-page web applications.
>> >    3. *Hybrid flow* - This is a combination of the previous two flows.
>> >
>> > Basic and Implicit flows must be supported by an OIDC Authentication
>> > Handler. Hybrid flow is not mandatory as per the specification [1]. The
>> > blog [4] written by me on OIDC Basics will help to understand the basics
>> > without reading the whole specification.
>> >
>> > Should we try to implement all three flows or the first two flows (Basic
>> > and Implicit)?
>>
>> My first thought would be to make sure we don't have too large a scope
>> with a GSoC idea, to make sure that it can be completed with good
>> quality in the allocated time.
>>
>> So my questions would be
>>
>> - what would we lose in terms of functionality if we don't implement
>> the Hybrid flow?
>> - how much additional effort is it to implement Hybrid flow?
>>
>> Thanks,
>>
>> Robert
>>
>>
>> >
>> > [1] - http://openid.net/specs/openid-connect-core-1_0.html
>> >
>> > [2] - https://openid.net/specs/openid-connect-discovery-1_0.html
>> >
>> > [3] - http://openid.net/specs/openid-connect-registration-1_0.html
>> >
>> > [4] - https://medium.com/@hasiniwitharana/openid-connect-532465308090
>> >
>> > Thank you.
>> >
>>
>>
>
>
> --
> *Hasini Witharana*
> Undergraduate | Department of Computer Science and Engineering
> University of Moratuwa
> Linkedin <https://www.linkedin.com/in/hasini-witharana-185785109/>
>
-- 
*Hasini Witharana*
Undergraduate | Department of Computer Science and Engineering
University of Moratuwa
Linkedin <https://www.linkedin.com/in/hasini-witharana-185785109/>
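The "c_hash" value discussed above is what ties the code returned from the authorization endpoint in the Hybrid flow to the signed ID Token (OIDC Core, section 3.3.2.11: hash the ASCII octets of the code with the hash function of the ID Token's "alg", keep the left-most half, base64url-encode it). The following Python is an added illustration, not code from this thread or from Apache Sling; it computes c_hash and at_hash and shows the relying-party check, with all sample codes and claims constructed for the example.

```python
import base64
import hashlib
import hmac

# Hash function implied by the ID Token's JOSE "alg" header (OIDC Core 3.3.2.11):
# c_hash and at_hash use the hash of the signature alg, e.g. SHA-256 for RS256.
_HASH_FOR_ALG = {
    **dict.fromkeys(("HS256", "RS256", "ES256", "PS256"), hashlib.sha256),
    **dict.fromkeys(("HS384", "RS384", "ES384", "PS384"), hashlib.sha384),
    **dict.fromkeys(("HS512", "RS512", "ES512", "PS512"), hashlib.sha512),
}


def b64url(data: bytes) -> str:
    """base64url encoding without '=' padding, as used throughout JOSE and OIDC."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def token_hash(value: str, alg: str) -> str:
    """c_hash (over the code) or at_hash (over the access_token): hash the ASCII
    octets, keep the left-most half of the digest, base64url-encode that half."""
    if alg not in _HASH_FOR_ALG:
        raise ValueError(f"unsupported alg: {alg}")
    digest = _HASH_FOR_ALG[alg](value.encode("ascii")).digest()
    return b64url(digest[: len(digest) // 2])


def verify_hybrid_response(response: dict, id_token_claims: dict, alg: str) -> bool:
    """Relying-party check for a Hybrid flow response (response_type containing
    'code' plus 'id_token'): each front-channel artifact must match its hash claim
    in the ID Token (signature assumed already verified). Missing claims fail closed."""
    for artifact, claim in (("code", "c_hash"), ("access_token", "at_hash")):
        if artifact not in response:
            continue
        expected = id_token_claims.get(claim)
        if not isinstance(expected, str):
            return False
        if not hmac.compare_digest(expected, token_hash(response[artifact], alg)):
            return False
    return True


if __name__ == "__main__":
    # Constructed sample values, not from any real deployment.
    code = "example-code-0001"
    claims = {"c_hash": token_hash(code, "RS256")}
    print(verify_hybrid_response({"code": code}, claims, "RS256"))         # True
    print(verify_hybrid_response({"code": code + "x"}, claims, "RS256"))   # False
```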
