Kevin

Reputation: 453

Creating an OpenID Connect Provider (provider metadata)

I'm attempting to create an OpenID Connect provider using the library: bshaffer/oauth2-server-php

Then connect to it using: jumbojett/openid-connect-php

I've got to the point where I'm looking at /.well-known/openid-configuration. I can't find any information regarding this: how to write it, what to put in it, what the different areas are for. And especially the jwks_keys section, which is required to verify the id_tokens that are returned.

Has anyone got any information on how to implement this or got anywhere regarding it?

The problem I'm getting is the error 'Cannot verify signature'.

Thanks Kevin

Upvotes: 2

Views: 1458

Answers (1)

Pieter Ennes

Reputation: 2409

For a description of the /.well-known/openid-configuration endpoint, look at the OIDC Discovery specification.

This spec also mentions the jwks_keys (or rather jwks_uri?) attribute, which is a (reference to a) list of the public signing and encryption keys the OIDC Provider might use, formatted as a JWK Set.

Clients wanting to verify an ID Token issued by your provider will extract the kid from the ID Token's JWT Header, and use that to look up the correct signing key in the discovered jwks_uri. Hence your Provider is allowed to use more than one key, for key rotation, or in general.

Upvotes: 2
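The discovery-then-kid-lookup flow the answer describes, end to end, as an added example that is not from the question, the answer, or either of the named PHP libraries. It builds a minimal openid-configuration document and a JWK Set with two published signing keys (so a rotated key still verifies), issues an RS256 ID Token whose JWT header carries a kid, and then verifies it the way a relying party does: read the header, refuse anything but the expected alg, find the JWK with that kid, check the signature, then check iss and aud. The issuer URL, key identifiers and claims are constructed for the demo, and RSA/PKCS#1 v1.5 is hand-rolled on the standard library only so the block runs offline; a real provider or client should use a vetted crypto library rather than this code.

```python
import base64, hashlib, hmac, json, random
# Minimal RSA / RS256 with the standard library so the example runs offline.
# Illustration only: a real provider or client uses a vetted crypto library.
def _is_probable_prime(n, rounds=16):            # Miller-Rabin
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits):
    while True:
        p = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(p):
            return p

def generate_rsa_key(bits=1024):
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                    # e is prime, so this means gcd(e, phi) == 1
            return {"n": p * q, "e": e, "d": pow(e, -1, phi)}   # modular inverse: Python 3.8+

_SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")
def _emsa_pkcs1_v15(msg, k):                     # RFC 8017 EMSA-PKCS1-v1_5 with SHA-256
    t = _SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
def rs256_sign(key, msg):
    k = (key["n"].bit_length() + 7) // 8
    return pow(int.from_bytes(_emsa_pkcs1_v15(msg, k), "big"), key["d"], key["n"]).to_bytes(k, "big")
def rs256_verify(n, e, msg, sig):
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return hmac.compare_digest(em, _emsa_pkcs1_v15(msg, k))

def b64u(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def b64u_dec(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def int_to_b64u(i): return b64u(i.to_bytes((i.bit_length() + 7) // 8, "big"))
ISSUER = "https://op.example"                    # hypothetical issuer URL (assumption)

# Provider side: what /.well-known/openid-configuration and the jwks_uri serve.
def build_provider_metadata(keys):
    discovery = {"issuer": ISSUER, "jwks_uri": ISSUER + "/.well-known/jwks.json",
                 "response_types_supported": ["code"], "subject_types_supported": ["public"],
                 "id_token_signing_alg_values_supported": ["RS256"]}
    jwks = {"keys": [{"kty": "RSA", "use": "sig", "alg": "RS256", "kid": kid,     # one JWK per signing key
                      "n": int_to_b64u(k["n"]), "e": int_to_b64u(k["e"])} for kid, k in keys.items()]}
    return discovery, jwks

def issue_id_token(key, kid, claims, alg="RS256"):
    signing_input = b64u(json.dumps({"alg": alg, "kid": kid}).encode()) + "." + b64u(json.dumps(claims).encode())
    sig = rs256_sign(key, signing_input.encode()) if alg == "RS256" else b""
    return signing_input + "." + b64u(sig)
# Client side: read kid from the JWT header, pick that key from the JSON fetched at jwks_uri, verify.
def verify_id_token(token, discovery, jwks, client_id):
    h, p, s = token.split(".")
    header = json.loads(b64u_dec(h))
    if header.get("alg") != "RS256":             # refuse alg=none and any algorithm switch
        raise ValueError("unsupported alg %r" % header.get("alg"))
    jwk = next((k for k in jwks["keys"] if k.get("kty") == "RSA" and k.get("kid") == header.get("kid")), None)
    if jwk is None:
        raise ValueError("Cannot verify signature: no RSA key with kid %r at jwks_uri" % header.get("kid"))
    n, e = int.from_bytes(b64u_dec(jwk["n"]), "big"), int.from_bytes(b64u_dec(jwk["e"]), "big")
    if not rs256_verify(n, e, (h + "." + p).encode(), b64u_dec(s)):
        raise ValueError("Cannot verify signature: RS256 check failed for kid %r" % header["kid"])
    claims = json.loads(b64u_dec(p))
    if claims.get("iss") != discovery["issuer"] or claims.get("aud") != client_id:
        raise ValueError("wrong iss or aud")     # aud may also be a list; exp/nonce checks omitted here
    return claims

def demo():
    # Constructed scenario: two published keys (rotation) and three tokens a client must reject.
    keys = {"2019-01-a": generate_rsa_key(), "2019-06-b": generate_rsa_key()}
    discovery, jwks = build_provider_metadata(keys)
    claims = {"iss": ISSUER, "sub": "user-42", "aud": "my-client", "iat": 1000, "exp": 1300}
    good = issue_id_token(keys["2019-06-b"], "2019-06-b", claims)
    def attempt(tok):
        try:
            return verify_id_token(tok, discovery, jwks, "my-client")
        except ValueError as err:
            return str(err)
    h, _, s = good.split(".")
    return {"valid": attempt(good),
            "unknown_kid": attempt(issue_id_token(keys["2019-06-b"], "retired", claims)),
            "tampered": attempt(h + "." + b64u(json.dumps(dict(claims, sub="admin")).encode()) + "." + s),
            "alg_none": attempt(issue_id_token(keys["2019-06-b"], "2019-06-b", claims, alg="none"))}
```

Calling demo() returns the verified claims for the good token and the rejection reason for the other three. A real client fetches the JSON at the discovered jwks_uri over TLS instead of receiving it as a parameter, but the decision logic is the same: a header kid that is absent from the published JWK Set, or a signature that does not check out under the key with that kid, both end in a "Cannot verify signature" style rejection, which is the failure mode the question reports.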
