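The "Microsoft Technology Information Wiki" is operated by the "Open棟梁Project" and the "OSS Consortium .NET Development Infrastructure Working Group".
Overview
Written with reference to the Final version of the specification.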
Details
TLS support and TLS certificate checking are required.
OP discovery
Parameters
Request and response examples
OP configuration information
Use the URL formed by appending "/.well-known/openid-configuration" to the issuer.
Request

GET /.well-known/openid-configuration HTTP/1.1
Host: example.com

Response

HTTP/1.1 200 OK
Content-Type: application/json

{
  "issuer": "https://server.example.com",
  "authorization_endpoint": "https://server.example.com/connect/authorize",
  "token_endpoint": "https://server.example.com/connect/token",
  "token_endpoint_auth_methods_supported": ["client_secret_basic", "private_key_jwt"],
  "token_endpoint_auth_signing_alg_values_supported": ["RS256", "ES256"],
  "userinfo_endpoint": "https://server.example.com/connect/userinfo",
  "check_session_iframe": "https://server.example.com/connect/check_session",
  "end_session_endpoint": "https://server.example.com/connect/end_session",
  "jwks_uri": "https://server.example.com/jwks.json",
  "registration_endpoint": "https://server.example.com/connect/register",
  "scopes_supported": ["openid", "profile", "email", "address", "phone", "offline_access"],
  "response_types_supported": ["code", "code id_token", "id_token", "token id_token"],
  "acr_values_supported": ["urn:mace:incommon:iap:silver", "urn:mace:incommon:iap:bronze"],
  "subject_types_supported": ["public", "pairwise"],
  "userinfo_signing_alg_values_supported": ["RS256", "ES256", "HS256"],
  "userinfo_encryption_alg_values_supported": ["RSA1_5", "A128KW"],
  "userinfo_encryption_enc_values_supported": ["A128CBC-HS256", "A128GCM"],
  "id_token_signing_alg_values_supported": ["RS256", "ES256", "HS256"],
  "id_token_encryption_alg_values_supported": ["RSA1_5", "A128KW"],
  "id_token_encryption_enc_values_supported": ["A128CBC-HS256", "A128GCM"],
  "request_object_signing_alg_values_supported": ["none", "RS256", "ES256"],
  "display_values_supported": ["page", "popup"],
  "claim_types_supported": ["normal", "distributed"],
  "claims_supported": ["sub", "iss", "auth_time", "acr", "name", "given_name", "family_name", "nickname", "profile", "picture", "website", "email", "email_verified", "locale", "zoneinfo", "http://example.info/claims/groups"],
  "claims_parameter_supported": true,
  "service_documentation": "http://server.example.com/connect/service_documentation.html",
  "ui_locales_supported": ["en-US", "en-GB", "en-CA", "fr-FR", "fr-CA"]
}

Parameters
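A relying-party check for the discovery step above, as an added example (not part of the original page or of any project's code): it builds the configuration URL from the issuer and validates the returned metadata against requirements of OpenID Connect Discovery 1.0. The function names and the GOOD/BAD samples are assumptions made for illustration; fetching over TLS with certificate verification is left to the HTTP client.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Metadata that OpenID Connect Discovery 1.0 marks as REQUIRED.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

def config_url(issuer):
    """Build the discovery URL: issuer + /.well-known/openid-configuration."""
    parts = urlsplit(issuer)
    if parts.scheme != "https" or not parts.netloc or parts.query or parts.fragment:
        raise ValueError("issuer must be an https URL with no query or fragment")
    return issuer.rstrip("/") + WELL_KNOWN

def validate_metadata(expected_issuer, body):
    """Return a list of problems found in a discovery response body."""
    meta = json.loads(body)
    problems = [f"missing required metadata: {k}" for k in REQUIRED if k not in meta]
    # The returned issuer must equal the issuer the URL was built from,
    # otherwise another party's metadata could be accepted for this OP.
    if meta.get("issuer") != expected_issuer:
        problems.append("issuer mismatch")
    for key, value in meta.items():
        if (key.endswith("_endpoint") or key == "jwks_uri") and \
                urlsplit(str(value)).scheme != "https":
            problems.append(f"{key} is not https")
    if "RS256" not in meta.get("id_token_signing_alg_values_supported", []):
        problems.append("RS256 not offered for ID Token signing")
    return problems

# Constructed samples: GOOD is a shortened form of the response on this page,
# BAD changes the issuer and downgrades the token endpoint to http.
GOOD = json.dumps({
    "issuer": "https://server.example.com",
    "authorization_endpoint": "https://server.example.com/connect/authorize",
    "token_endpoint": "https://server.example.com/connect/token",
    "jwks_uri": "https://server.example.com/jwks.json",
    "response_types_supported": ["code", "id_token"],
    "subject_types_supported": ["public", "pairwise"],
    "id_token_signing_alg_values_supported": ["RS256", "ES256", "HS256"],
})
BAD = json.dumps(dict(json.loads(GOOD), issuer="https://other.example.com",
                      token_endpoint="http://server.example.com/connect/token"))

if __name__ == "__main__":
    print(config_url("https://server.example.com"))
    print(validate_metadata("https://server.example.com", GOOD))
    print(validate_metadata("https://server.example.com", BAD))
```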
Basic elements
Endpoints
OAuth 2.0
Registration
Request object related
Session Management
Signing and encryption
JWK
Algorithms
JSON arrays containing lists of the JWS and JWE algorithms (JWA)
Options
OAuth 2.0 / OIDC
OIDC
Request object related
References
RFC 8414 - OAuth 2.0 Authorization Server Metadata
https://tools.ietf.org/html/rfc8414
Dynamic Client Registration
Tags: IT international standards, authentication infrastructure, claims-based authentication, OAuth