Release OIDC Package
huntharo opened this issue · 0 comments
huntharo commented
Motivations
- The OIDC package and documentation could be useful to others
See #227 for details and docs
To-Do
- Implement nonce with DynamoDB backing (auto expiration)
- Handle refresh tokens
- Add documentation
- Create a new construct
Tutorial and Sample
- https://developer.okta.com/blog/2017/07/25/oidc-primer-part-1?_ga=2.163376319.2028853171.1678319707-56475489.1678319707
- https://github.com/oktadev/okta-oidc-flows-example
Documentation
- Authorization Code Flow RFC
- Okta Sample Lambda Node.js OAuth Integration
- Sample implementation from Auth.js
  - https://authjs.dev/
  - Concerns
    - Does not use a DB persisted nonce to avoid replay attacks
    - Sends the refresh token to the browser - not clear if this is encrypted
- OAuth Threat Models RFC
  - Nonce and State
- One Login Examples / Code - Useful for pointers on OIDC
- Using Google as a Social Provider for AWS Cognito User Pools
- Cognito with External Identity Provider
- SAML for Serverless Apps - 2017
- Open Banking OIDC Example
- Google Workspace OIDC Support Added
- Google Identity Platform for Work
- Google Identity API OpenID Connect Setup (OIDC)