[ 
https://issues.apache.org/jira/browse/SLING-2759?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16404692#comment-16404692
 ] 

HDW commented on SLING-2759:
----------------------------

[~rombert] - As I understood, we need to build only the delegation part. That 
is covered by the [1] specification.  There are three ways that can be used to 
share details of the authenticated user of a relying party in OIDC. 
 # *Authentication code flow* - This flow will first issue a code in 
authorization endpoint and that code can be used to issue an access token and 
id_token from token endpoint. In this flow client secret is shared to recognize 
the relying party. So this flow can be used for applications that have a secure 
sever side applications.
 # *Implicit flow* - This flow will not issue a code but it will issue an 
access token and id_token from the authorization endpoint. In this flow client 
secret is not shared so this flow is preferred for single web page applications.
 # *Hybrid flow* - This is combination of the previous two flows. [2]

Can you please direct me to the plug-gable source you mentioned in the comment 
and some materials that would be helpful to understand how Sling works?

[1] -  [http://openid.net/specs/openid-connect-core-1_0.html]

[2] - https://medium.com/@hasiniwitharana/openid-connect-532465308090

> Provide an OpenId Connect Authentication Handler
> ------------------------------------------------
>
>                 Key: SLING-2759
>                 URL: https://issues.apache.org/jira/browse/SLING-2759
>             Project: Sling
>          Issue Type: Wish
>          Components: Authentication
>            Reporter: Antonio Sanso
>            Priority: Major
>              Labels: gsoc2018
>
> It would be nice to provide an OpenId Connect [0] Authentication Handler.
> Ideally this would leverage Apache Oltu OpenId Connect support [1] and 
> pluggable login module [2]
> [0] http://openid.net/connect/
> [1] https://issues.apache.org/jira/browse/AMBER-24
> [2] https://issues.apache.org/jira/browse/SLING-2623



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to