broch
OAuth2 and OpenID Connect in Haskell
At supercede we've made a [yesod integration](https://hackage.haskell.org/package/yesod-auth-oidc) for this library. However it currently doesn't build out of the box because this library was never uploaded to hackage. Please upload this...
These are currently ignored, other than as provided to the client via the discovery response. The client can still use unsupported options in requests and have them processed. For example...
http://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html
See http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
Should be validated as per http://openid.net/specs/openid-connect-registration-1_0-20.html#Security
An error page for errors which are reported to the users, rather than as redirects to the client. Currently the textual error is just printed in the browser.
OP-OAuth-2nd-Revokes requires that using an authorization code twice revokes access tokens. See also 10.5 of RFC6749. The requirement is only for access tokens based on the code itself, but this...
See http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest. Need to work out what possible use cases apply.
As described in the [client authentication](http://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication) section of the spec, client assertion JWTs should only be used once. A caching/checking function is needed to make sure the same token identifier...