sahat / satellizer

Token-based AngularJS Authentication
https://satellizer-sahat.rhcloud.com
MIT License
7.85k stars 1.13k forks

Open ID connect login. #870

Open graingert opened 8 years ago

graingert commented 8 years ago

It would be great to support fully automatic OpenID Connect, with webfinger and automatically configuring providers based on "/.well-known/openid-configurations".

```javascript
// webfingers gmail and configures an Auth2 profile
$auth.openIdConnect("acct:example@gmail.com");
// configures an Auth2 profile via https://seed.gluu.org/.well-known/openid-configurations
$auth.openIdConnect("https://seed.gluu.org");
```

graingert commented 8 years ago

It might be required to configure a CORS proxy for webfinger.

graingert commented 8 years ago

Here's an example:

https://accounts.google.com/.well-known/openid-configuration


```json
{
  "issuer": "https://accounts.google.com",
  "authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth",
  "token_endpoint": "https://www.googleapis.com/oauth2/v4/token",
  "userinfo_endpoint": "https://www.googleapis.com/oauth2/v3/userinfo",
  "revocation_endpoint": "https://accounts.google.com/o/oauth2/revoke",
  "jwks_uri": "https://www.googleapis.com/oauth2/v3/certs",
  "response_types_supported": [
    "code",
    "token",
    "id_token",
    "code token",
    "code id_token",
    "token id_token",
    "code token id_token",
    "none"
  ],
  "subject_types_supported": [
    "public"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "scopes_supported": [
    "openid",
    "email",
    "profile"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_post",
    "client_secret_basic"
  ],
  "claims_supported": [
    "aud",
    "email",
    "email_verified",
    "exp",
    "family_name",
    "given_name",
    "iat",
    "iss",
    "locale",
    "name",
    "picture",
    "sub"
  ],
  "code_challenge_methods_supported": [
    "plain",
    "S256"
  ]
}
```
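
Configuring a provider automatically means trusting whatever the fetched JSON says, so a client would check the document before using it. The sketch below is an added example, not part of this thread or of Satellizer's code: it applies the OpenID Connect Discovery issuer-match rule, requires https endpoints, filters signing algorithms and picks a PKCE method for a document like the one above. The function names and the algorithm allowlist are assumptions.

```javascript
// Added example: vet an OpenID Connect discovery document before auto-configuring
// a provider from it. Function names are hypothetical, not Satellizer API.
const SIGNING_ALGS = ["RS256", "ES256", "PS256"]; // assumed client allowlist; excludes "none"

function discoveryUrl(issuer) {
  const u = new URL(issuer);
  if (u.protocol !== "https:" || u.search || u.hash) {
    throw new Error("issuer must be an https URL without query or fragment");
  }
  return issuer.replace(/\/$/, "") + "/.well-known/openid-configuration";
}

function validateDiscovery(expectedIssuer, doc) {
  discoveryUrl(expectedIssuer); // re-check the issuer format
  // OIDC Discovery: the issuer in the document must be identical to the one that
  // was requested, otherwise one host could supply endpoints for another issuer.
  if (doc.issuer !== expectedIssuer) throw new Error("issuer mismatch: " + doc.issuer);
  for (const key of ["authorization_endpoint", "token_endpoint", "jwks_uri"]) {
    if (typeof doc[key] !== "string" || new URL(doc[key]).protocol !== "https:") {
      throw new Error(key + " must be an https URL");
    }
  }
  const algs = (doc.id_token_signing_alg_values_supported || [])
    .filter((a) => SIGNING_ALGS.includes(a));
  if (algs.length === 0) throw new Error("no acceptable ID token signing algorithm");
  if (!(doc.response_types_supported || []).includes("code")) {
    throw new Error("authorization code flow not supported");
  }
  const pkce = doc.code_challenge_methods_supported || [];
  return {
    authorizationEndpoint: doc.authorization_endpoint,
    tokenEndpoint: doc.token_endpoint,
    jwksUri: doc.jwks_uri,
    idTokenAlgs: algs,
    responseType: "code",
    codeChallengeMethod: pkce.includes("S256") ? "S256" : null, // never fall back to "plain"
  };
}
// Constructed sample: a trimmed copy of the Google document quoted in the thread.
const sampleDoc = {
  issuer: "https://accounts.google.com",
  authorization_endpoint: "https://accounts.google.com/o/oauth2/v2/auth",
  token_endpoint: "https://www.googleapis.com/oauth2/v4/token",
  jwks_uri: "https://www.googleapis.com/oauth2/v3/certs",
  response_types_supported: ["code", "token", "id_token", "none"],
  id_token_signing_alg_values_supported: ["RS256"],
  code_challenge_methods_supported: ["plain", "S256"],
};
const googleConfig = validateDiscovery("https://accounts.google.com", sampleDoc);
```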