{"id":1519,"date":"2024-11-19T09:45:37","date_gmt":"2024-11-19T01:45:37","guid":{"rendered":"https:\/\/www.fanyamin.com\/wordpress\/?p=1519"},"modified":"2024-11-19T09:46:34","modified_gmt":"2024-11-19T01:46:34","slug":"oidc-review","status":"publish","type":"post","link":"https:\/\/www.fanyamin.com\/wordpress\/?p=1519","title":{"rendered":"OIDC Review"},"content":{"rendered":"

What's OIDC<\/h2>\n

OpenID Connect\uff08OIDC\uff09\u662f\u57fa\u4e8e OAuth 2.0 \u89c4\u8303\u6846\u67b6\uff08IETF RFC 6749 \u548c 6750\uff09\u7684\u53ef\u4e92\u64cd\u4f5c\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae\u3002\u5141\u8bb8\u5ba2\u6237\u7aef\uff08\u5982 Web \u5e94\u7528\u3001\u79fb\u52a8\u5e94\u7528\u7b49\uff09\u901a\u8fc7\u9a8c\u8bc1\u7528\u6237\u8eab\u4efd\u5e76\u83b7\u53d6\u57fa\u672c\u7684\u7528\u6237\u4fe1\u606f\uff0c\u6765\u8fdb\u884c\u5b89\u5168\u7684\u7528\u6237\u8ba4\u8bc1\u548c\u6388\u6743\u3002<\/p>\n

\u5bf9\u4e8e\u5f00\u53d1\u4eba\u5458\u6765\u8bf4\uff0c\u5b83\u4e3a\u201c\u5f53\u524d\u4f7f\u7528\u8fde\u63a5\u7684\u6d4f\u89c8\u5668\u6216\u79fb\u52a8\u5e94\u7528\u7a0b\u5e8f\u7684\u4eba\u7684\u8eab\u4efd\u662f\u4ec0\u4e48\u201d\u8fd9\u4e2a\u95ee\u9898\u63d0\u4f9b\u4e86\u4e00\u4e2a\u5b89\u5168\u4e14\u53ef\u9a8c\u8bc1\u7684\u7b54\u6848\u3002\u6700\u91cd\u8981\u7684\u662f\uff0c\u5b83\u6d88\u9664\u4e86\u8bbe\u7f6e\u3001\u5b58\u50a8\u548c\u7ba1\u7406\u5bc6\u7801\u7684\u8d23\u4efb\uff0c\u8fd9\u901a\u5e38\u4e0e\u57fa\u4e8e\u51ed\u636e\u7684\u6570\u636e\u6cc4\u9732\u6709\u5173<\/p>\n

\"file\"<\/p>\n

OAuth 2.0 \u662f\u5173\u4e8e\u8d44\u6e90\u8bbf\u95ee\u548c\u5171\u4eab\u7684\uff0c\u800c OIDC \u662f\u5173\u4e8e\u7528\u6237\u8eab\u4efd\u9a8c\u8bc1\u7684\u3002\u5b83\u7684\u76ee\u7684\u662f\u4e3a\u4f60\u63d0\u4f9b\u591a\u4e2a\u7ad9\u70b9\u7684\u4e00\u6b21\u767b\u5f55\u540d\u3002<\/p>\n

OpenID Connect \u7684\u89d2\u8272\u6709\u4e0b\u9762\u4e09\u4e2a\uff1a<\/p>\n

    \n
  1. \u8eab\u4efd\u63d0\u4f9b\u8005 (Identity Provider, IdP)\uff1a\u8eab\u4efd\u63d0\u4f9b\u8005\uff0c\u8d1f\u8d23\u7528\u6237\u8eab\u4efd\u8ba4\u8bc1\uff0c\u53d1\u5e03\u6388\u6743\u7801\u548c\u4ee4\u724c\uff0c\u9a8c\u8bc1\u4ee4\u724c\u6709\u6548\u6027\u3002\u5e38\u89c1\u7684 IdP \u6709 Google\u3001Facebook \u7b49\u3002<\/li>\n
  2. \u5ba2\u6237\u7aef (Client)\uff1a\u9700\u8981\u83b7\u53d6\u7528\u6237\u8eab\u4efd\u4fe1\u606f\u7684\u5e94\u7528\u7a0b\u5e8f\uff0c\u4f8b\u5982 Web \u5e94\u7528\u3001\u79fb\u52a8\u5e94\u7528\u7b49\u3002<\/li>\n
  3. \u7ec8\u7aef\u7528\u6237 (End User)\uff1a\u4f7f\u7528\u5ba2\u6237\u7aef\u5e94\u7528\u5e76\u5e0c\u671b\u901a\u8fc7\u8eab\u4efd\u63d0\u4f9b\u8005\u8fdb\u884c\u8eab\u4efd\u8ba4\u8bc1\u7684\u7528\u6237\u3002<\/li>\n<\/ol>\n

    \u5b83\u7684\u6d41\u7a0b\u6b65\u9aa4\u5982\u4e0b\u5b9e\u4f53\u5173\u7cfb\u56fe\u6240\u793a<\/p>\n

    \"file\"<\/p>\n

      \n
    1. EndUser\uff1a\u8bf7\u6c42\u8bbf\u95ee\u5ba2\u6237\u7aef\u5e94\u7528\u3002<\/li>\n
    2. Client\uff1a\u91cd\u5b9a\u5411\u7528\u6237\u5230\u8eab\u4efd\u63d0\u4f9b\u8005\uff08IdP\uff09\u8fdb\u884c\u8eab\u4efd\u8ba4\u8bc1\u3002<\/li>\n
    3. IdP\uff1a\u8ba4\u8bc1\u7528\u6237\u8eab\u4efd\u3002<\/li>\n
    4. EndUser\uff1a\u63d0\u4f9b\u8ba4\u8bc1\u51ed\u8bc1\u3002<\/li>\n
    5. IdP\uff1a\u8fd4\u56de\u6388\u6743\u7801\u7ed9\u5ba2\u6237\u7aef\u5e94\u7528\u3002<\/li>\n
    6. Client\uff1a\u4f7f\u7528\u6388\u6743\u7801\u5411\u8eab\u4efd\u63d0\u4f9b\u8005\u8bf7\u6c42\u8bbf\u95ee\u4ee4\u724c\u548c ID \u4ee4\u724c\u3002<\/li>\n
    7. IdP\uff1a\u53d1\u5e03\u8bbf\u95ee\u4ee4\u724c\u548c ID \u4ee4\u724c\u7ed9\u5ba2\u6237\u7aef\u5e94\u7528\u3002<\/li>\n
    8. Client\uff1a\u4f7f\u7528\u4ee4\u724c\u4e3a\u7528\u6237\u63d0\u4f9b\u8bbf\u95ee\u8d44\u6e90\u7684\u6743\u9650\u3002<\/li>\n
    9. Client\uff1a\u53ef\u4ee5\u9009\u62e9\u6027\u5730\u5411\u8eab\u4efd\u63d0\u4f9b\u8005\u9a8c\u8bc1\u4ee4\u724c\u7684\u6709\u6548\u6027\u3002<\/li>\n<\/ol>\n

      \u901a\u8fc7\u8fd9\u4e9b\u6d41\u7a0b\uff0cOpenID Connect \u534f\u8bae\u5b9e\u73b0\u4e86\u5b89\u5168\u7684\u7528\u6237\u8eab\u4efd\u8ba4\u8bc1\u548c\u6388\u6743\uff0c\u786e\u4fdd\u7528\u6237\u80fd\u591f\u5b89\u5168\u5730\u8bbf\u95ee\u5ba2\u6237\u7aef\u5e94\u7528\u6240\u63d0\u4f9b\u7684\u8d44\u6e90\u3002<\/p>\n

      Reference<\/h2>\n