parameter_exercises.md

File metadata and controls

78 lines (61 loc) · 3.1 KB

Different authentication flows

  1. Code flow

    1. In the authentication request:
      • Specify response_type = code.
      • Specify redirect_uri = http://localhost:8090/code_flow_callback
  2. Implicit flow

    1. In the authentication request:
      • Specify response_type = id_token token.
      • Specify redirect_uri = http://localhost:8090/implicit_flow_callback
  3. Hybrid flow

    1. In the authentication request:
      • Specify response_type = code id_token.
      • Specify redirect_uri = http://localhost:8090/implicit_flow_callback

Static and dynamic client registration

  1. Static client registration

    1. Register with the provider, making sure to specify the correct redirect_uris (see client.json for Python and Java, or the Apache configuration). Store the generated credentials (client_id and client_secret).
    2. Refer to each implementation's documentation for instructions.
  2. Dynamic client registration

    1. Refer to each implementation's documentation for instructions.

Requesting additional claims and special behavior

  1. Request claims using the scope parameter

    1. In the authentication request:
      • Specify scope = openid profile
    2. Observe which claims are returned.
    3. Try logging in as another user and again observe which claims are returned.
  2. Request claims using the claims parameter

    1. In the authentication request:

      • Specify response_type = code.

      • Specify the following JSON object as the value of the claims parameter:

        {
           "userinfo":{
              "given_name":{
                 "essential":true
              },
              "family_name":{
                 "essential":true
              },
              "nickname":null
           },
           "id_token":{
              "email":{
                 "essential":true
              },
              "phone_number":null
           }
        }

    2. Observe which claims are returned and how they are returned (in the user info or in the ID token).

  3. Request a certain behavior by the OP using scope values

    1. In the authentication request:
      • Specify scope = openid who_am_i
    2. Observe what claims are returned and their values.
    3. Try logging in as another user and again observe which claims are returned.
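
An added example for exercise 2 above (not part of this repository or any of its implementations): it builds the code-flow authentication request with the claims object from the exercise URL-encoded into the claims parameter, and then compares what the OP returned in the ID token and the UserInfo response against what was requested, separating missing essential claims from missing voluntary ones. The authorization endpoint, client_id, state and nonce passed to build_auth_request are placeholders chosen by the caller; the ID token and UserInfo contents handed to check_returned_claims are whatever the RP actually received.

```python
import json
from urllib.parse import parse_qs, urlencode, urlparse

# The claims request from the exercise, as a Python object.
CLAIMS_REQUEST = {
    "userinfo": {
        "given_name": {"essential": True},
        "family_name": {"essential": True},
        "nickname": None,
    },
    "id_token": {"email": {"essential": True}, "phone_number": None},
}

def build_auth_request(authorization_endpoint, client_id, redirect_uri, state, nonce,
                       claims=CLAIMS_REQUEST):
    """Code-flow authentication request; the claims object is sent as one
    URL-encoded JSON string in the claims parameter (endpoint/ids are caller-supplied)."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid",
        "state": state,  # binds the callback to this browser session
        "nonce": nonce,  # binds the ID token to this request
        "claims": json.dumps(claims, separators=(",", ":")),
    }
    return f"{authorization_endpoint}?{urlencode(params)}"

def parse_auth_request(url):
    """Decode an authentication request URL; claims is parsed back into an object."""
    params = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
    if "claims" in params:
        params["claims"] = json.loads(params["claims"])
    return params

def check_returned_claims(claims_request, id_token_claims, userinfo_claims):
    """Compare what the OP returned, per location, with what was requested; returns
    (missing_essential, missing_voluntary). The OP may omit even essential claims,
    so the RP must decide how to handle the first list (e.g. refuse the login)."""
    returned = {"id_token": id_token_claims, "userinfo": userinfo_claims}
    missing_essential, missing_voluntary = [], []
    for location, requested in claims_request.items():
        for name, spec in requested.items():
            if name in returned.get(location, {}):
                continue
            # "essential": true marks a claim the RP needs; null means voluntary.
            target = missing_essential if spec and spec.get("essential") else missing_voluntary
            target.append(f"{location}.{name}")
    return missing_essential, missing_voluntary
```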

Signed userinfo

  1. Request a signed UserInfo Response
    1. In the registration request:
      • Specify userinfo_signed_response_alg = RS256
    2. Refer to each implementation's documentation for instructions on how to verify the signature.