2. Nov Matake
OpenID Foundation Japan
Evangelist Unit-01
Translation WG Leader
OAuth.jp
Idcon
Rubyist
fb_graph, rack-oauth2, openid_connect etc.
Copyright 2013 OpenID Foundation Japan - All Rights Reserved.
31. Code Flow - OpenID Connect
End User
Relying Party
OpenID Provider
Initiate
Request Authorization
Authenticate & Authorize
Authorization Code
Authorization Code
Access Token + ID Token
33. Code Flow - OpenID Connect
End User
Relying Party
OpenID Provider
Initiate
Request Authorization
    client_id=...&
    response_type=code&
    redirect_uri=https://...&
    scope=openid+email
Authenticate & Authorize
Authorization Code
Authorization Code
Access Token + ID Token
36. Code Flow - OpenID Connect
End User
Relying Party
OpenID Provider
Initiate
Request Authorization
Authenticate & Authorize
Authorization Code
Authorization Code
    code=...&
    client_id=...&
    client_secret=...&
    grant_type=authorization_code&
    redirect_uri=https://...
Access Token + ID Token
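The requests on slides 33 and 36, written out as an added Ruby example that is not part of the original slides or of the author's gems. The endpoint, client values and the Hash used as a session are hypothetical, and the `state` and `nonce` parameters are an assumption added here (they do not appear on the slides) to show where the Relying Party binds the callback to the user's session.

```ruby
require 'uri'
require 'securerandom'

# Hypothetical OP endpoint and client registration (constructed values).
AUTHZ_ENDPOINT = 'https://op.example.com/authorize'
CLIENT = { id: 'rp-client-id', secret: 'rp-client-secret',
           redirect_uri: 'https://rp.example.com/callback' }.freeze

# Slide 33: URL the RP redirects the End User to. state (CSRF protection) and
# nonce (to be compared later with the ID Token's nonce claim) are added
# assumptions, stored in the session, here a plain Hash.
def authorization_request(session)
  session[:state] = SecureRandom.hex(16)
  session[:nonce] = SecureRandom.hex(16)
  query = URI.encode_www_form(
    client_id: CLIENT[:id], response_type: 'code',
    redirect_uri: CLIENT[:redirect_uri], scope: 'openid email',
    state: session[:state], nonce: session[:nonce]
  )
  "#{AUTHZ_ENDPOINT}?#{query}"
end

# Callback: the OP redirects back with ?code=...&state=...; a callback whose
# state does not match the value stored for this session is rejected.
def code_from_callback(callback_url, session)
  params = URI.decode_www_form(URI(callback_url).query.to_s).to_h
  expected = session.delete(:state) # single use
  raise ArgumentError, 'state mismatch' unless expected && secure_equal?(params['state'].to_s, expected)
  raise ArgumentError, "OP returned error: #{params['error']}" if params['error']
  params.fetch('code')
end

# Constant-time string comparison.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Slide 36: form body the RP POSTs server-to-server to the token endpoint.
def token_request_body(code)
  URI.encode_www_form(
    code: code, client_id: CLIENT[:id], client_secret: CLIENT[:secret],
    grant_type: 'authorization_code', redirect_uri: CLIENT[:redirect_uri]
  )
end
```

The `client_secret` appears only in the token request, which never passes through the End User's browser.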
37. OpenID Connect
= OAuth 2.0 + Identity Layer
38. OpenID Connect Scopes
openid → explicitly indicates an OpenID Connect request
profile → name, nickname, profile picture, etc.
email → email address, verified flag
address → postal address
phone → phone number, verified flag
offline_access → for obtaining a Refresh Token