.\" -*- mode: troff; coding: utf-8 -*-
.\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
.ie n \{\
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
.    if \nF \{\
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{\
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "Lemonldap::NG::Portal::Lib::OpenIDConnect 3pm"
.TH Lemonldap::NG::Portal::Lib::OpenIDConnect 3pm 2024-02-07 "perl v5.38.2" "User Contributed Perl Documentation"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH NAME
Lemonldap::NG::Portal::Lib::OpenIDConnect \- Common OpenIDConnect functions
.SH SYNOPSIS
.IX Header "SYNOPSIS"
use Lemonldap::NG::Portal::Lib::OpenIDConnect;
.SH DESCRIPTION
.IX Header "DESCRIPTION"
This module contains common methods for OpenIDConnect authentication
and user information loading
.SH METHODS
.IX Header "METHODS"
.SS loadOPs
.IX Subsection "loadOPs"
Load OpenID Connect Providers and JWKS data
.SS loadRPs
.IX Subsection "loadRPs"
Load OpenID Connect Relying Parties
.SS refreshJWKSdata
.IX Subsection "refreshJWKSdata"
Refresh JWKS data if needed
.SS getRP
.IX Subsection "getRP"
Get Relying Party corresponding to a Client ID
.SS getCallbackUri
.IX Subsection "getCallbackUri"
Compute callback URI
.SS buildAuthorizationCodeAuthnRequest
.IX Subsection "buildAuthorizationCodeAuthnRequest"
Build Authentication Request URI for Authorization Code Flow
.SS buildAuthorizationCodeAuthnResponse
.IX Subsection "buildAuthorizationCodeAuthnResponse"
Build Authentication Response URI for Authorization Code Flow
.SS buildImplicitAuthnResponse
.IX Subsection "buildImplicitAuthnResponse"
Build Authentication Response URI for Implicit Flow
.SS buildHybridAuthnResponse
.IX Subsection "buildHybridAuthnResponse"
Build Authentication Response URI for Hybrid Flow
.SS getAuthorizationCodeAccessToken
.IX Subsection "getAuthorizationCodeAccessToken"
Get Token response with authorization code
.SS checkTokenResponseValidity
.IX Subsection "checkTokenResponseValidity"
Check validity of Token Response
.SS getUserInfo
.IX Subsection "getUserInfo"
Get UserInfo response
.SS decodeJSON
.IX Subsection "decodeJSON"
Convert JSON to HashRef
.SS newAuthorizationCode
.IX Subsection "newAuthorizationCode"
Generate new Authorization Code session
.SS newAccessToken
.IX Subsection "newAccessToken"
Generate new Access Token session
.SS newRefreshToken
.IX Subsection "newRefreshToken"
Generate new Refresh Token session
.SS getAuthorizationCode
.IX Subsection "getAuthorizationCode"
Get existing Authorization Code session
.SS getAccessToken
.IX Subsection "getAccessToken"
Get existing Access Token session
.SS getRefreshToken
.IX Subsection "getRefreshToken"
Get existing Refresh Token session
.SS getOpenIDConnectSession
.IX Subsection "getOpenIDConnectSession"
Try to recover the OpenID Connect session corresponding to id and return session
.SS storeState
.IX Subsection "storeState"
Store information in state database and return
.SS extractState
.IX Subsection "extractState"
Extract state information into \f(CW$self\fR
.SS verifyJWTSignature
.IX Subsection "verifyJWTSignature"
Check signature of a JWT
.SS verifyHash
.IX Subsection "verifyHash"
Check value hash
.SS createHash
.IX Subsection "createHash"
Create Hash
.SS returnBearerError
.IX Subsection "returnBearerError"
Return Bearer error
.SS getEndPointAuthenticationCredentials
.IX Subsection "getEndPointAuthenticationCredentials"
Get Client ID and Client Secret
.SS getEndPointAccessToken
.IX Subsection "getEndPointAccessToken"
Get Access Token
.SS getAttributesListFromClaim
.IX Subsection "getAttributesListFromClaim"
Return list of attributes authorized for a claim
.SS buildUserInfoResponseFromId
.IX Subsection "buildUserInfoResponseFromId"
Return Hash of UserInfo data from session ID
.SS buildUserInfoResponse
.IX Subsection "buildUserInfoResponse"
Return Hash of UserInfo data from session object
.SS createJWT
.IX Subsection "createJWT"
Return JWT
.SS createIDToken
.IX Subsection "createIDToken"
Return ID Token
.SS getFlowType
.IX Subsection "getFlowType"
Return flow type
.SS getIDTokenSub
.IX Subsection "getIDTokenSub"
Return sub field of an ID Token
.SS getJWTJSONData
.IX Subsection "getJWTJSONData"
Return payload of a JWT as Hash ref
.SS key2jwks
.IX Subsection "key2jwks"
Return JWKS representation of a key
.SS buildLogoutRequest
.IX Subsection "buildLogoutRequest"
Build Logout Request URI
.SS buildLogoutResponse
.IX Subsection "buildLogoutResponse"
Build Logout Response URI
.SS addRouteFromConf
.IX Subsection "addRouteFromConf"
Build a Lemonldap::NG::Common::PSGI::Router route from OIDC configuration
attribute
.SS validatePKCEChallenge
.IX Subsection "validatePKCEChallenge"
Validate PKCE code challenge with given code challenge method
.SH "SEE ALSO"
.IX Header "SEE ALSO"
Lemonldap::NG::Portal::AuthOpenIDConnect,
Lemonldap::NG::Portal::UserDBOpenIDConnect
.SH AUTHORS
.IX Header "AUTHORS"
.IP "LemonLDAP::NG team " 4
.IX Item "LemonLDAP::NG team "
.SH "BUG REPORT"
.IX Header "BUG REPORT"
Use OW2 system to report bug or ask for features:
.SH DOWNLOAD
.IX Header "DOWNLOAD"
Lemonldap::NG is available at
.SH "COPYRIGHT AND LICENSE"
.IX Header "COPYRIGHT AND LICENSE"
See COPYING file for details.
.PP
This library is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
.PP
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.
.PP
You should have received a copy of the GNU General Public License
along with this program.  If not, see .