THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
| Table of Contents |
|---|
Introduction
...
OidcImplicitService is a simple ImplicitGrantService extension which enforces OIDC specific constraints and adds IdToken to the client response. In order to return an id_token, the OidcImplicitService should be configured as follows:
- If the response_type is "id_token token", then the IdTokenResponseFilter should be configured on the OidcImplicitService. The IdTokenResponseFilter in turn needs to know how to create an IdToken, so it must be configured with a IdTokenProvider implementation.
- If the response
...
- _type is "id_token", then a IdTokenProvider implementation should be configured directly on the OidcImplicitService.
Hybrid Flow
OidcHybridService supports Hybrid Flow by delegating to both OidcImplicitService and OidcAuthorizationCodeService.
UserInfo Endpoint
UserInfoService returns UserInfo. It checks UserInfoProvider first, next - OidcUserSubject, and finally it defaults to converting the existing IdToken to UserInfo.
...
OidcKeysService returns a JWK key set containing a public verification JWK key. By default only a public key is returned but the service can also be configured for JWK key to include the corresponding X509 certificate chain too. Use this service if IdToken is signed by a private RSA or EC key for the client be able to fetch the verification keys without having to import them into local key stores. The OidcKeysService can also return a public key stored in a JWK keys file, by specifying the id of the key via "rs.security.keystore.alias" and specifying the type of the keystore ("rs.security.keystore.
OidcDynamicRegistrationService
...
type") as "jwk".
OidcDynamicRegistrationService
This service is currently a work in progress and may become available in available starting from CXF 3.1.8 or CXF 3.1.9. It will support supports the dynamic client registration and management with OIDC specific properties being handled too.
OidcConfigurationService
...
. At the moment some of the advanced registration properties are not yet processed and linked to the way the core OIDC services operate but the service will be enhanced as needed going forward.
OidcConfigurationService
This service is currently a work in progress and may become available in available starting from CXF 3.1.8 or CXF 3.1.9. It will support supports OIDC server configuration queries at ".well-known/openid-configuration".
...
BasicOidc demo service is not an OAuth2 client, but a basic JAX-RS server. This server works with an HTTP Browser client which uses Google script libraries to get IdToken from Google OIDC Authorization endpoint (OIDC Implicit flow). This browser client interacts with CXF OIDC RP code to get IdToken validated and then posts this token to the demo service. Demo service depends on CXF OIDC RP to have this IdToken easily accessible in its code