Check that the received eID-token is valid before the post to openID

swp-fu-eid / eid-fu-swp

Docker-based REST API implemented with Django and restframework.

MIT License

2 stars 1 forks source link

Check that the received eID-token is valid before the post to openID #49

Closed m273d15 closed 7 years ago

m273d15 commented 7 years ago

The eID data are signed. Therefore we can validate them with the corresponding key. The key is part of the PKI (public key infrastructure). We have to clarify which key is important and which format is used ( X.509 certificates ).

nils-wisiol commented 7 years ago

The eID data will be sent to the eID Server, not to the browser. I think the Django authentication needs to be integrated into the eid token business. Please see the chart referenced in this post.

larissazech commented 7 years ago

Solved by implementing #62.