Closed larissazech closed 6 years ago
1. Step: Client (KVV) --> OpenID Provider

Send OpenID Connect Authorization Request:

```
HTTP/1.1 302 Found
Location: https://eid.local/api/eidopenid/auth?
  response_type=code
  &scope=openid%20profile%20email
  &client_id=SDFGHJKLUZTREDFGHJ
  &state=34790876543456789765
  &redirect_uri=https://KVV.de/login
```

Todo: Verify that the client sends GET.

2. Step: OpenID Provider --> eID Service:

Create a new view `api/eidopenid/auth` that redirects the Authorization Request to the eID Service:

```
HTTP/1.1 302 Found
Location: https://eid.local/api/eIdService/init?
  response_type=code
  &scope=openid%20profile%20email
  &client_id=SDFGHJKLUZTREDFGHJ
  &state=34790876543456789765
  &redirect_uri=https://KVV.de/login
```

... eID Server magic...

3. Step: eID Service --> OpenID Provider:

Create a new view `api/eidopenid/login` that receives the Authorization Request plus the eID-AccessToken:

```
HTTP/1.1 302 Found
Location: https://eid.local/api/eidopenid/login?
  response_type=code
  &scope=openid%20profile%20email
  &client_id=SDFGHJKLUZTREDFGHJ
  &state=34790876543456789765
  &redirect_uri=https://KVV.de/login
  &eid_access_token=uid4
```

4. Step: OpenID Provider <--> eID Service:

The OpenID Provider gets the userID from the eID-Service by calling a Python function:

```python
# eid_access_token is the uid4 value received in step 3
user_id = eid_service.get_user_id(eid_access_token)
```

5. Step: OpenID Provider --> Client (KVV)

Send OpenID Connect Access Token Response to Client (KVV):

```
HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache

{
  "access_token": "4vfKjkM8FcGvnzZUN4_KSP0aAp",
  "token_type": "Bearer",
  "expires_in": 3600,
  "id_token": "eyJhb...cifQ.ew...fQ.gg...zqg",
  "user_id": user_id
}
```

Implemented by #78. Closed.
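The following is an added example, not part of the issue or the project's code: one way the `api/eidopenid/login` view from step 3 could validate the forwarded Authorization Request before calling the eID service in step 4. The names `REGISTERED_CLIENTS`, `InvalidRequest` and `validate_login_request` are hypothetical, and it assumes that "uid4" means a version 4 UUID.

```python
import uuid
from urllib.parse import urlsplit, parse_qs

# Hypothetical client registry: client_id -> exact redirect URIs registered for it.
REGISTERED_CLIENTS = {"SDFGHJKLUZTREDFGHJ": {"https://KVV.de/login"}}
REQUIRED = ("response_type", "scope", "client_id", "state", "redirect_uri",
            "eid_access_token")


class InvalidRequest(ValueError):
    """Raised when the step 3 request must be rejected."""


def validate_login_request(url):
    """Return the validated parameters of a request to api/eidopenid/login."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    params = {}
    for name in REQUIRED:
        values = query.get(name, [])
        # Reject missing, empty and repeated parameters instead of picking one.
        if len(values) != 1 or not values[0]:
            raise InvalidRequest(f"{name} must appear exactly once")
        params[name] = values[0]
    if params["response_type"] != "code":
        raise InvalidRequest("unsupported response_type")
    if "openid" not in params["scope"].split():
        raise InvalidRequest("scope must include openid")
    # Exact string match against the registration; no prefix or host-only check.
    allowed = REGISTERED_CLIENTS.get(params["client_id"])
    if allowed is None or params["redirect_uri"] not in allowed:
        raise InvalidRequest("unknown client_id or unregistered redirect_uri")
    # Assumption: "uid4" in the issue means a version 4 UUID.
    try:
        token = uuid.UUID(params["eid_access_token"])
    except ValueError:
        raise InvalidRequest("eid_access_token is not a UUID") from None
    if token.version != 4:
        raise InvalidRequest("eid_access_token is not a version 4 UUID")
    params["eid_access_token"] = str(token)
    return params


# Constructed sample request in the shape of step 3 (token value is made up).
SAMPLE = ("https://eid.local/api/eidopenid/login?response_type=code"
          "&scope=openid%20profile%20email&client_id=SDFGHJKLUZTREDFGHJ"
          "&state=34790876543456789765&redirect_uri=https://KVV.de/login"
          "&eid_access_token=3f2b8c1e-9d4a-4e6b-8a7c-5d1f0e2b3c4d")

if __name__ == "__main__":
    print(validate_login_request(SAMPLE))
```

Because `client_id`, `redirect_uri` and `state` travel through two browser redirects in this flow, the provider has to re-check them on arrival instead of trusting what it sent out in step 2.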