github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Updated Architecture (markdown)

master
aanganes 2012-07-17 12:54:46 -07:00
parent 078d58f057
commit bf2158f085
1 changed files with 15 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
Architecture.md

@ -61,11 +61,22 @@ The OAuth2 and OpenID Connect endpoints are currently set to the following value
* User info: /userinfo
* Provider configuration: /.well-known/openid-configuration
These endpoints are compliant with the OpenID Connect family of specifications. For instructions regarding how to interact with these endpoints, please see the specifications at openid.net/connect.
## Tokens
//using SECOAUTH token endpoint, with custom token services and token enhancer, etc
We are using the SECOAUTH TokenEndpoint, with several custom beans injected that allow us to customize the tokens we produce and consume. We are using structured JWT (JSON Web Token) Bearer tokens. These tokens can be optionally signed using the JWE / JWK specifications.
## User Management
The JWT library, currently in openid-connect-common, handles serialization/deserialization and manipulation of JWTs. Our implementation of the SECOAUTH OAuth2AccessToken interface, OAuth2AccessTokenEntity, implements our JWT interface and returns the serialized version of the JWT from its Value field.
For more information:
* [JWS](http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-04)
* [JWE](http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-04)
* [JWK](http://tools.ietf.org/html/draft-ietf-jose-json-web-key-04)
* [JWA](http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-04)
* [JWT](http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-02)
## Users
UserDetailsService - used by Spring Security's AuthenticationProvider to represent the current user (loads a user from a given user id)
AuthenticationUserDetailsService - Used by Spring Security to load a user from an authentication token
UserInfoRepository - repository of user information that is fed into the UserInfoEndpoint's service
@ -74,10 +85,7 @@ An in-memory Authentication Manager is configured in [user-context.xml](https://
//Which of these have we implemented and which are straight SECOAUTH?
## Token Management
AuthorizationServerTokenServices - provide tokens for the authorization server
## Client Management
## Clients
ClientDetailsService - provide OAuth client information (used for OpenID Connect Clients)
## Maven War Overlay
@ -90,9 +98,4 @@ For instance, to overwrite the data source configuration in the main server war
***
*We are currently tracking against the development version of SECOAUTH, which is included in the build directories as a Git submodule. This submodule must be initialized before the main project can be built (see Build Instructions for details). Once SECOAUTH stabilizes to sufficient point, we will instead use a Maven dependency against a specific milestone / release version.
***
[old]
There is a JWT library that handles serialization/deserialization and manipulation of JWTs. We have our own implementation of OAuth2AccessToken called OAuth2AccessTokenEntity which is backed by a JWT object and returns the serialized version of the JWT as the token's Value field.
*We are currently tracking against the development version of SECOAUTH, which is included in the build directories as a Git submodule. This submodule must be initialized before the main project can be built (see Build Instructions for details). Once SECOAUTH stabilizes to sufficient point, we will instead use a Maven dependency against a specific milestone / release version.