Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/pjones/openid-connect

An OpenID Connect library that does all the heavy lifting for you
https://github.com/pjones/openid-connect

haskell openid-connect

Last synced: 10 days ago
JSON representation

An OpenID Connect library that does all the heavy lifting for you

Host: GitHub
URL: https://github.com/pjones/openid-connect
Owner: pjones
License: bsd-2-clause
Created: 2021-05-21T19:59:19.000Z (over 3 years ago)
Default Branch: trunk
Last Pushed: 2023-12-14T13:52:45.000Z (11 months ago)
Last Synced: 2024-04-26T08:47:06.525Z (7 months ago)
Topics: haskell, openid-connect
Language: Haskell
Homepage:
Size: 117 KB
Stars: 9
Watchers: 2
Forks: 9
Open Issues: 7
Metadata Files:
- Readme: README.md
- Changelog: CHANGES.md
- License: LICENSE

Awesome Lists containing this project

README

        [![tests](https://github.com/pjones/openid-connect/actions/workflows/tests.yml/badge.svg)](https://github.com/pjones/openid-connect/actions/workflows/tests.yml)

OpenID Connect 1.0 in Haskell

=============================

An OpenID Connect 1.0 compliant library written in Haskell.

The primary goals of this package are security and usability.

Client Features

---------------

This library mostly focuses on the client side of the OpenID Connect

protocol.

Supported flows:

  * [x] Authorization Code (see `OpenID.Connect.Client.Flow.AuthorizationCode`) (§3.1)

  * [ ] Implicit (partial implementation, patches welcome) (§3.2)

  * [ ] Hybrid (partial implementation, patches welcome) (§3.3)

Significant features:

  * ID Token validation via the [jose][] library (§2)

  * Additional OIDC claim validation (e.g., `nonce`, `azp`, etc.) (§2)

  * Full support for all defined forms of client authentication (§9)

  * Handles session cookie generation and validation (§3.1.2.1, §15.5.2)

  * Dynamic Client Registration 1.0.

Provider Features

-----------------

Some utility types and functions are available to assist in the

writing of an OIDC Provider:

  * Discovery document (OpenID Connect Discovery 1.0 §3)

  * Key generation (simple wrapper around [jose][])

[jose]: https://hackage.haskell.org/package/jose

Certification Status

--------------------

We plan on fully [certifying][cert] this implementation using the

following profiles:

  * [ ] Basic Relying Party

  * [ ] Implicit Relying Party

  * [ ] Hybrid Relying Party

  * [ ] Relying Party Using Configuration Information

  * [ ] Dynamic Relying Party

  * [ ] Form Post Relying Party

[cert]: https://openid.net/certification/instructions/

Specifications and RFCs

-----------------------

  * [OpenID Connect Core](http://openid.net/specs/openid-connect-core-1_0.html)

  * [OpenID Connect Discovery](http://openid.net/specs/openid-connect-discovery-1_0.html)

  * [The OAuth 2.0 Authorization Framework (RFC6749)](https://tools.ietf.org/html/rfc6749)

  * [JSON Web Token (RFC7519)](https://tools.ietf.org/html/rfc7519)

  * [JSON Web Signature (RFC7515)](https://tools.ietf.org/html/rfc7515)

  * [JSON Web Key (RFC7517)](https://www.rfc-editor.org/rfc/rfc7517.htmlhttps://www.rfc-editor.org/rfc/rfc7517.html)