In development. It's an alternative to the bshaffer's repository.
Project whose goal is to implement an Oauth2 identity provider (openid in the future) while strictly respecting RFC.
https://tools.ietf.org/wg/oauth/
Oauth2
- The OAuth 2.0 Authorization Framework - done
- The OAuth 2.0 Authorization Framework: Bearer Token Usage - done
- An IETF URN Sub-Namespace for OAuth - info
- OAuth 2.0 Threat Model and Security Considerations
- OAuth 2.0 Token Revocation - done
- Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
- Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants
- OAuth 2.0 Dynamic Client Registration Protocol
- OAuth 2.0 Dynamic Client Registration Management Protocol
- Proof Key for Code Exchange by OAuth Public Clients
- OAuth 2.0 Token Introspection
- OAuth 2.0 for Native Apps
- OAuth 2.0 Multiple Response Type Encoding Practices
- OAuth 2.0 Form Post Response Mode
- OAuth 2.0 Message Authentication Code (MAC) Tokens
- OAuth 2.0 Device Flow for Browserless and Input Constrained Devices draft-ietf-oauth-device-flow-07
- OAuth 2.0 Authorization Server Metadata draft-ietf-oauth-discovery-05
- OAuth 2.0 Mix-Up Mitigation draft-ietf-oauth-mix-up-mitigation-01
OpenID
- OpenID Connect Core 1.0
- OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 1
- OpenID Connect Session Management 1.0 - draft 28
- OpenID Connect Front-Channel Logout 1.0 - draft 02
- OpenID Connect Back-Channel Logout 1.0 - draft 04
Components
- JSON Web Token (JWT)
- JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants
- Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)
License LGPL-2.1 or GPL-3.0+