swp-fu-eid / eid-fu-swp

Docker-based REST API implemented with Django and restframework.
MIT License

Implement interface between OpenID Provider and eID-Service #62

Closed larissazech closed 6 years ago

larissazech commented 7 years ago

1. Step: Client (KVV) --> OpenID Provider

Send OpenID Connect Authorization Request:

HTTP/1.1 302 Found
  Location: https://eid.local/api/eidopenid/auth
    ?response_type=code
    &scope=openid%20profile%20email
    &client_id=SDFGHJKLUZTREDFGHJ
    &state=34790876543456789765
    &redirect_uri=https%3A%2F%2FKVV.de%2Flogin

Todo: Verify that the client sends a GET.

2. Step: OpenID Provider --> eID Service:

Create a new view api/eidopenid/auth that redirects the Authorization Request to the eID Service:

HTTP/1.1 302 Found
  Location: https://eid.local/api/eIdService/init
    ?response_type=code
    &scope=openid%20profile%20email
    &client_id=SDFGHJKLUZTREDFGHJ
    &state=34790876543456789765
    &redirect_uri=https%3A%2F%2FKVV.de%2Flogin

... eID Server magic...

3. Step: eID Service --> OpenID Provider:

Create a new view api/eidopenid/login that receives the Authorization Request plus the eID access token:

HTTP/1.1 302 Found
  Location: https://eid.local/api/eidopenid/login
    ?response_type=code
    &scope=openid%20profile%20email
    &client_id=SDFGHJKLUZTREDFGHJ
    &state=34790876543456789765
    &redirect_uri=https%3A%2F%2FKVV.de%2Flogin
    &eid_access_token=uid4

4. Step: OpenID Provider <--> eID Service:

The OpenID Provider gets the user ID from the eID-Service by calling a Python function:

user_id = eid_service.get_user_id(eid_access_token)  # eid_access_token holds the uid4 value received in step 3

5. Step: OpenID Provider --> Client (KVV)

Send the OpenID Connect Access Token Response to the Client (KVV):

HTTP/1.1 200 OK
  Content-Type: application/json
  Cache-Control: no-store
  Pragma: no-cache

  {
    "access_token": "4vfKjkM8FcGvnzZUN4_KSP0aAp",
    "token_type": "Bearer",
    "expires_in": 3600,
    "id_token": "eyJhb...cifQ.ew...fQ.gg...zqg",
    "user_id": "<user_id from step 4>"
  }
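The five steps above modelled end to end in Python, as an added example that is not the project's code. The parameter names (response_type, scope, client_id, state, redirect_uri, eid_access_token) and the view URLs are the ones the issue uses; everything else is an assumption made here: the in-memory EidService stand-in, the client registry of allowed redirect_uris, the provider-side PENDING table keyed on state, the single-use eid_access_token, and HS256 signing of the id_token with a shared secret.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qsl, urlencode, urlsplit

OIDC_PARAMS = ("response_type", "scope", "client_id", "state", "redirect_uri")
# Assumed client registry (not in the issue): only pre-registered redirect_uris are accepted.
REGISTERED_CLIENTS = {"SDFGHJKLUZTREDFGHJ": {"redirect_uris": {"https://KVV.de/login"}}}
ID_TOKEN_SECRET = b"assumed-hs256-secret-for-the-example"  # assumption
PENDING = {}  # state -> parameters forwarded in step 2 (provider-side memory, assumed)


def _redirect(base_url, params):
    return 302, {"Location": base_url + "?" + urlencode(params)}


def _query(location):
    return dict(parse_qsl(urlsplit(location).query))


def validate_oidc_params(params):
    """Checks applied before any parameter is trusted (assumed hardening)."""
    if any(p not in params for p in OIDC_PARAMS):
        raise ValueError("missing OpenID Connect parameter")
    if params["response_type"] != "code" or "openid" not in params["scope"].split():
        raise ValueError("only response_type=code with scope openid is supported")
    client = REGISTERED_CLIENTS.get(params["client_id"])
    if client is None or params["redirect_uri"] not in client["redirect_uris"]:
        raise ValueError("unknown client_id or unregistered redirect_uri")
    return {k: params[k] for k in OIDC_PARAMS}


def eidopenid_auth(request_params):
    """Step 2: view api/eidopenid/auth forwards the request to the eID service."""
    params = validate_oidc_params(request_params)
    PENDING[params["state"]] = params
    return _redirect("https://eid.local/api/eIdService/init", params)


class EidService:
    """In-memory stand-in for the eID service (an assumption of this example)."""
    def __init__(self, users_by_card):
        self._users_by_card = users_by_card  # card id -> user id
        self._tokens = {}                    # eid_access_token -> user id

    def init(self, location, card_id):
        """'eID Server magic': mint a one-time token, echo the OIDC parameters back (step 3)."""
        token = secrets.token_urlsafe(24)
        self._tokens[token] = self._users_by_card[card_id]
        return _redirect("https://eid.local/api/eidopenid/login",
                         {**_query(location), "eid_access_token": token})

    def get_user_id(self, eid_access_token):
        return self._tokens.pop(eid_access_token, None)  # step 4; single-use, replay yields None


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_id_token(user_id, client_id, now):
    """Compact HS256 id_token (the issue only shows a sample value)."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"iss": "https://eid.local", "sub": user_id, "aud": client_id,
              "iat": now, "exp": now + 3600}
    payload = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(ID_TOKEN_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"


def id_token_claims(token):
    """Verify the HS256 signature and return the claims, or raise."""
    header, payload, sig = token.split(".")
    expected = hmac.new(ID_TOKEN_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, _b64(expected)):
        raise ValueError("bad id_token signature")
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def eidopenid_login(eid_service, location, now=None):
    """Steps 3-5: view api/eidopenid/login receives the echoed request plus token."""
    received = _query(location)
    params = validate_oidc_params(received)
    # The echo passed through the user agent: reject anything that differs from step 2.
    if PENDING.pop(params["state"], None) != params:
        raise ValueError("authorization request not pending or was altered")
    user_id = eid_service.get_user_id(received.get("eid_access_token", ""))
    if user_id is None:
        raise ValueError("invalid or already used eid_access_token")
    now = int(time.time() if now is None else now)
    body = {"access_token": secrets.token_urlsafe(20), "token_type": "Bearer",
            "expires_in": 3600, "user_id": user_id,
            "id_token": make_id_token(user_id, params["client_id"], now)}
    headers = {"Content-Type": "application/json", "Cache-Control": "no-store", "Pragma": "no-cache"}
    return 200, headers, body


def run_flow(eid_service, request_params, card_id, now=None):
    """Drive steps 1-5 end to end and return the step-5 response."""
    _, headers = eidopenid_auth(request_params)                    # step 2
    _, headers = eid_service.init(headers["Location"], card_id)    # step 3
    return eidopenid_login(eid_service, headers["Location"], now)  # steps 3-5


if __name__ == "__main__":
    eid = EidService({"card-0001": "user-42"})
    request = {"response_type": "code", "scope": "openid profile email",
               "client_id": "SDFGHJKLUZTREDFGHJ", "state": "34790876543456789765",
               "redirect_uri": "https://KVV.de/login"}
    print(json.dumps(run_flow(eid, request, "card-0001")[2], indent=2))
```

Running the file prints the step-5 JSON for the constructed client request. The pending-request comparison, the single-use token and the registered-redirect_uri check are not specified in the issue; they are added here because every parameter in steps 2 and 3 travels through the user agent and can be altered on the way back. Note also that in the standard OpenID Connect authorization code flow the access token and id_token are returned by the token endpoint in exchange for the code; the example returns them straight from the login view because that is what step 5 describes.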
larissazech commented 6 years ago

Implemented by #78. Closed.