JavaScript authentication library for working with Mafiasi.
This library is intended for applications that are used in the context of Mafiasi. It particularly aims to take care of all authentication-related functionality, so that all Mafiasi services use the same technology and conform to the same security requirements.
Logging in via OpenID Connect is probably the most useful feature. It is explained in great detail on the OAuth website, which also provides a playground for interactively trying it out.
In summary, the following steps are performed:

1. The user clicks "Login with Mafiasi" in the current application.
2. The application redirects to
   `https://<your-oidc-issuer>/auth?state=<something>&scope=<requested-scopes>&redirect_uri=<some-url-to-this-application>&client_id=<this-application-id>`
3. The OIDC issuer validates that the passed `redirect_uri` is allowed for the passed `client_id`, logs the user in (we don't really care how) and redirects back to `<redirect_uri>?state=<same-state>&session_state=<some-code>`.
4. This application validates that the returned `state` is the one it generated in step 2, which ties the response to a login that this application actually started (preventing login CSRF and injected responses; a state value must only be accepted once). It then parses the `session_state` according to the OpenID Connect spec, validates it (it is signed by the issuer, so the signature, issuer, audience and expiry are checked), extracts information from it (e.g. the username) and logs the user in. At this point the user is authenticated via the standard Django authentication framework and accessible as usual.
TODO