Differences

This shows you the differences between two versions of the page.

documentation:latest:idpopenidconnect [2019/04/29 17:39]
coudot [Presentation]
documentation:latest:idpopenidconnect [2019/10/11 18:30] (current)
Line 17: Line 17:
   * Access Token Hash generation   * Access Token Hash generation
   * ID Token signature (HS256/​HS384/​HS512/​RS256/​RS384/​RS512)   * ID Token signature (HS256/​HS384/​HS512/​RS256/​RS384/​RS512)
-  * UserInfo ​end point, as JSON or as JWT+  * UserInfo ​endpoint, as JSON or as JWT
   * Request and Request URI   * Request and Request URI
   * Session management   * Session management
Line 23: Line 23:
   * BackChannel Logout   * BackChannel Logout
   * PKCE (Since ''​2.0.4''​)   * PKCE (Since ''​2.0.4''​)
 +  * Introspection endpoint (Since ''​2.0.6''​)
  
 ===== Configuration ===== ===== Configuration =====
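Review bot: the added "Introspection endpoint (Since 2.0.6)" item in the feature list carries no reference, and none of the visible hunks adds a matching entry under Configuration, so a reader cannot tell from this change how the endpoint is enabled or how its callers are authenticated. Suggest linking RFC 7662 in the same way the Require PKCE entry links RFC7636, and stating which RP credentials the endpoint accepts.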
Line 148: Line 149:
     * **Client secret**: Client secret for this RP (can be use for symmetric signature)     * **Client secret**: Client secret for this RP (can be use for symmetric signature)
     * **Public client** (since version ''​2.0.4''​):​ set this RP as public client, so authentication is not needed on token endpoint     * **Public client** (since version ''​2.0.4''​):​ set this RP as public client, so authentication is not needed on token endpoint
 +    * **Require PKCE** (since version ''​2.0.4''​):​ a code challenge is required at token endpoint (see [[https://​tools.ietf.org/​html/​rfc7636|RFC7636]])
   * **Display**:​   * **Display**:​
     * **Display name**: Name of the RP application     * **Display name**: Name of the RP application
     * **Logo**: Logo of the RP application     * **Logo**: Logo of the RP application
-  * **User attribute**:​ session field that with be used as main identifier (''​sub''​)+  * **User attribute**:​ session field that will be used as main identifier (''​sub''​)
   * **ID Token signature algorithm**:​ Select one of ''​none'',​ ''​HS256'',​ ''​HS384'',​ ''​HS512'',​ ''​RS256'',​ ''​RS384'',​ ''​RS512''​   * **ID Token signature algorithm**:​ Select one of ''​none'',​ ''​HS256'',​ ''​HS384'',​ ''​HS512'',​ ''​RS256'',​ ''​RS384'',​ ''​RS512''​
   * **ID Token expiration**:​ Expiration time of ID Tokens   * **ID Token expiration**:​ Expiration time of ID Tokens
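Review bot: the added Require PKCE line says "a code challenge is required at token endpoint", which does not match RFC 7636, where the code_challenge is sent with the authorization request and the token endpoint receives the code_verifier. Suggest rewording so it is clear which request is rejected when the PKCE parameter is missing. Because the Public client option on the line above removes authentication on the token endpoint, the entry could also recommend enabling Require PKCE whenever Public client is set.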