Overview

OpenID Connect is a protocol for authenticating users, built on top of the OAuth 2.0 authorization framework. Using CAS, you can act as an OpenID Connect Provider (OP), authenticating users using the OpenID Connect (OIDC) protocol, or as a relying party (RP) that requests user authorization from an OP.

Terminology

Access token: A credential that is used to access protected resources. An access token is a string, and represents an authorization that is issued to the client.

Authorization Endpoint: A resource on an OpenID Provider that accepts an authorization request from a client to perform authentication and authorization on a user. The authorization endpoint returns an authorization grant (or code) to the client in the Basic Client Profile. In the Implicit Client Profile, the authorization endpoint returns an ID token and access token to the client.

Authorization grant: A credential that represents a user's authorization to access resources. This credential is used by a client to obtain an access token.

Claim: Information that is asserted about an entity. Examples of a claim include a phone number, given name, or surname.

ID token: A JSON Web Token (JWT) that contains claims about the authenticated user.

Introspection Endpoint: A resource on an OpenID Provider that enables a client that holds an access token to retrieve the information that was used to create the access token (such as the user name, granted scopes, or client ID).

OpenID Provider (OP): An OAuth 2.0 authorization server that can provide claims to a client, or Relying Party (RP).

Refresh Token: A token that is issued to the client by the OP. The token is used to obtain a new access token when the current access token expires or to obtain more access tokens.

Relying Party (RP): Either a WebSphere Application Server configured as an OpenID Connect Client, or a client application that requires claims from an OpenID Provider (OP).

Scope: Privilege or permission that is allowed to access resources of a third party.

Token Endpoint: A resource on an OpenID Provider that accepts an authorization grant (or code) from a client in exchange for an access token, ID token, and refresh token.
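The terms above describe the Authorization Code flow from the relying party's side: send the user to the Authorization Endpoint, receive a code at the redirect URI, exchange it at the Token Endpoint, and then validate the ID token before trusting any claim in it. The following script is an added example (not code from this page or from the CAS project) that implements the relying-party checks a practitioner would want: a `state` value bound to the login attempt so the callback cannot be forged, a `nonce` that must reappear in the ID token, and validation of the ID token's signature, issuer, audience and expiry. The endpoint URLs, client id and redirect URI are hypothetical placeholders, and the ID token is signed inline with a constructed HMAC key so the example runs offline; a real OP such as CAS would normally sign with RS256 and publish its public keys, so the signature check would use the OP's JWKS instead of a shared secret.

```python
import base64
import hashlib
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical OP and client registration values (placeholders, not real CAS endpoints).
ISSUER = "https://cas.example.org/oidc"
AUTHORIZATION_ENDPOINT = ISSUER + "/authorize"
TOKEN_ENDPOINT = ISSUER + "/token"
CLIENT_ID = "demo-client"
REDIRECT_URI = "https://rp.example.org/callback"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # JWT segments drop the '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def new_login_attempt() -> dict:
    # state protects the callback against CSRF; nonce binds the ID token to this attempt.
    return {"state": secrets.token_urlsafe(16), "nonce": secrets.token_urlsafe(16)}


def build_authorization_request(state: str, nonce: str) -> str:
    # Basic Client Profile: response_type=code sends an authorization code to the RP.
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile",
        "state": state,
        "nonce": nonce,
    }
    return AUTHORIZATION_ENDPOINT + "?" + urlencode(params)


def parse_callback(callback_url: str, expected_state: str) -> str:
    # Extract the authorization code, refusing any callback whose state does not match.
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback is not tied to this login attempt")
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    return query["code"][0]


def sign_id_token(claims: dict, key: bytes) -> str:
    # Constructed HS256 signer standing in for the OP's token endpoint (demo only).
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def validate_id_token(token: str, key: bytes, expected_nonce: str, now: int) -> dict:
    # Verify the JWT before reading any claim; each failure names the check that tripped.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # pin the algorithm; never accept "none"
        raise ValueError("unexpected alg %r" % header.get("alg"))
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("issuer mismatch")
    aud = claims.get("aud")
    if not (aud == CLIENT_ID or (isinstance(aud, list) and CLIENT_ID in aud)):
        raise ValueError("token not intended for this client")
    if int(claims.get("exp", 0)) <= now:
        raise ValueError("ID token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch: possible token replay")
    return claims


if __name__ == "__main__":
    attempt = new_login_attempt()
    print(build_authorization_request(attempt["state"], attempt["nonce"]))
    code = parse_callback(REDIRECT_URI + "?code=abc123&state=" + attempt["state"], attempt["state"])
    # Constructed ID token as the token endpoint would return it for that code.
    demo_key = b"constructed-demo-key"
    token = sign_id_token({"iss": ISSUER, "sub": "jdoe", "aud": CLIENT_ID, "iat": 1700000000,
                           "exp": 1700000600, "nonce": attempt["nonce"], "given_name": "Jane"}, demo_key)
    print(code, validate_id_token(token, demo_key, attempt["nonce"], 1700000100))
```

The order of checks matters: the signature is verified before any claim is read, the algorithm is pinned rather than taken from the header, and `hmac.compare_digest` is used so signature comparison does not leak timing. Only after `iss`, `aud`, `exp` and `nonce` all pass should the RP use claims such as `sub` or `given_name` to establish a session.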

Endpoints


Example with a python client

First create a new virtual environment and then install the following:

...