OpenID Connect (OIDC) is an identity layer on top of the OAuth 2.0 protocol. It enables Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User.
Easegress should support OIDC integration as well as maintain compatibility with OAuth2.0 for the following reason: first, there are some identity platform providers like OKTA, Auth0, Authing and other corporate platforms like Google; these platforms implement the standard OIDC protocol. But there are also lots of platforms like GitHub which only implement the OAuth2.0 protocol.
The first v1 integration supports the following features:
Standard OIDC protocol: users only need to set up OIDC discovery by configuring issuer and discovery in addition to app credentials.
OAuth2.0 protocol compatibility: users need to configure authorizationEndpoint, tokenEndpoint and userinfoEndpoint in addition to app credentials.
When enabled, the OIDC filter should first check whether some authentication state, like a cookie or bearer token, exists. If it exists, the OIDC filter does nothing. Otherwise, it will execute the OIDC flow, coordinating with the user's authentication action.
Finally, once a request has been handled by the OIDC filter, the OIDC basic profile information can be obtained by other Easegress filters behind the OIDC filter, or by the proxied backend service, from the HTTP header named X-Userinfo, with a standard Base64-encoded value.
Also, optionally, the OIDC ID token is carried by the X-ID-Token HTTP header for the standard OIDC protocol, and the OAuth2.0 access token is carried by the X-Access-Token HTTP header for both OIDC and OAuth2.0.
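The header hand-off described above, sketched as an added example (not Easegress code and not part of the original issue): the edge drops any client-supplied copies of the three identity headers before the filter sets its own, and a backend decodes X-Userinfo strictly. The function names and sample values are hypothetical, and the payload is assumed to be a JSON object of profile claims.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
)

// Header names taken from the proposal above.
var identityHeaders = []string{"X-Userinfo", "X-ID-Token", "X-Access-Token"}

// StripIdentityHeaders drops client-supplied copies of the identity headers.
// Run it at the edge before the OIDC filter sets its own values, so that a
// caller cannot pre-populate them.
func StripIdentityHeaders(h http.Header) {
	for _, name := range identityHeaders {
		h.Del(name)
	}
}

// DecodeUserinfo parses X-Userinfo on the backend side.
// Assumption: the decoded payload is a JSON object of profile claims.
func DecodeUserinfo(h http.Header) (map[string]interface{}, error) {
	vals := h.Values("X-Userinfo")
	if len(vals) != 1 { // an absent or duplicated header is ambiguous: reject
		return nil, fmt.Errorf("want exactly one X-Userinfo header, got %d", len(vals))
	}
	raw, err := base64.StdEncoding.DecodeString(vals[0])
	if err != nil {
		return nil, fmt.Errorf("X-Userinfo is not standard Base64: %w", err)
	}
	var claims map[string]interface{}
	if err := json.Unmarshal(raw, &claims); err != nil {
		return nil, fmt.Errorf("X-Userinfo is not a JSON object: %w", err)
	}
	return claims, nil
}

func main() {
	// Constructed sample: a request arriving with its own X-Userinfo header.
	h := http.Header{}
	h.Set("X-Userinfo", base64.StdEncoding.EncodeToString([]byte(`{"sub":"forged"}`)))
	StripIdentityHeaders(h)
	// Constructed value standing in for what the filter sets after login.
	h.Set("X-Userinfo", base64.StdEncoding.EncodeToString([]byte(`{"sub":"u-123"}`)))
	claims, err := DecodeUserinfo(h)
	fmt.Println(claims["sub"], err)
}
```

The backend should accept these headers only on connections that come from the gateway, since the Base64 value carries no signature of its own.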