Introduction

OpenID Connect (OIDC) is an identity layer built on top of the OAuth2 protocol.

CXF ships OIDC Provider (IDP) and Relying Party (RP) utility code to make it easy for developers to create their own custom OIDC providers or to integrate JAX-RS applications with well-known third-party OIDC IDPs.

This code relies heavily on the CXF OAuth2 and CXF JOSE modules.

Maven Dependencies

CXF OIDC module:
<dependency>
    <groupId>org.apache.cxf</groupId>
    <artifactId>cxf-rt-rs-security-sso-oidc</artifactId>
    <version>3.1.7</version>
</dependency>

IdToken and UserInfo

IdToken is the primary extension that OIDC makes to OAuth2. It provides a collection of claims describing the authenticated user. IdToken is a secured JWT token which is JWS-signed and/or JWE-encrypted by the OIDC IDP.

CXF provides org.apache.cxf.rs.security.oidc.common.IdToken. This token can be processed and protected by CXF OIDC services and validated by the RP code as described below.

IdToken can provide enough information for the client application to work with the current user. However, the client can get more information about the user from the OIDC UserInfo endpoint.

CXF provides org.apache.cxf.rs.security.oidc.common.UserInfo. It can be returned from the CXF OIDC UserInfo service and validated by the RP code as described below.
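The following added example (not CXF code and not part of the original page) shows the checks an RP applies to a JWS-signed IdToken before trusting its claims: signature with a pinned algorithm, issuer, audience, expiry and nonce. It uses only the Python standard library and assumes a JWS-only token signed with HS256; the key, issuer URL, client id and all function names are constructed for the illustration.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-client-secret"        # constructed shared secret
ISSUER, CLIENT_ID = "https://idp.example.test", "demo-rp"  # constructed values

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_id_token(claims, key, header=None):
    """IDP side, for the demo only: JWS compact serialization with HS256."""
    header = header or {"alg": "HS256", "typ": "JWT"}
    body = ".".join(b64url_encode(json.dumps(part).encode()) for part in (header, claims))
    return body + "." + b64url_encode(hmac.new(key, body.encode(), hashlib.sha256).digest())

def validate_id_token(token, key, issuer, client_id, nonce, now=None, leeway=60):
    """RP side: return the claims of a valid IdToken or raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWS compact token")
    # Pin the algorithm registered for this client; the header must not choose it.
    if json.loads(b64url_decode(parts[0])).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(parts[1]))   # trusted only after the signature check
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else (aud or [])
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if client_id not in aud:
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] + leeway <= now:
        raise ValueError("expired")
    if claims.get("nonce") != nonce:               # binds the token to this RP's request
        raise ValueError("nonce mismatch")
    return claims

def demo_token(**overrides):
    """Constructed sample IdToken; times are fixed so results are repeatable."""
    claims = {"iss": ISSUER, "sub": "alice", "aud": CLIENT_ID,
              "iat": 1000, "exp": 2000, "nonce": "n-123"}
    claims.update(overrides)
    return sign_id_token(claims, KEY)

if __name__ == "__main__":
    print(validate_id_token(demo_token(), KEY, ISSUER, CLIENT_ID, "n-123", now=1500))
```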

OIDC IDP support

Overview

When user authentication is required, the client application initiates one of the OIDC Core flows and redirects the user to the OIDC provider. The user gets redirected back to the client after the authentication, with the client application receiving IdToken. If Authorization Code Flow is used, then IdToken is returned as part of the follow-up code-to-access-token exchange, and if Implicit Flow is used, then IdToken is returned immediately. It is very much like OAuth2 except that an extra IdToken parameter is returned.

Fediz OIDC

Fediz OIDC provides a reference integration between CXF OIDC IDP code and its authentication system. It has OIDC Core supported with a minimum amount of code and configuration.

...