Skip to content

vdbulcke/oidc-client-demo

Repository files navigation

oidc-client-demo

oidc-client is a CLI tool for testing OIDC integration. See CLI docs here.

Documentation

The complete documentation is hosted here

Features

  • OIDC Authorization Code flow
  • Provider Discovery: Based on Issuer (./well-known/openid-configuration) or via an alternative endpoint
  • Token Signature validation (from jwk provider endpoint)
  • Client Auth Method (client_secret_basic, client_secret_post)
  • PKCE: Proof Key for Code Exchange rfc7636
  • Refresh Token Flow
  • Userinfo
  • Token Introspection
  • (optional) Pushed Authorization Request (rfc9126)
  • (optional) Acr Values
  • (optional) Amr Whitelist
  • (optional) Support JWT Access and Refresh Token decoding
  • (optional) Outputs response, decoded JWT as json (see oidc opa policies)
  • (optional) Additional authorization parameters: claims, ui_locales, etc.
  • (optional) Signed JWT request parameters (#47)
  • (optional) private_key_jwt (client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer) Auth Method (#46)

Install

See Install Documenation.

Validate Signature With Cosign

Make sure you have cosign installed locally (see Cosign Install).

Then you can use the ./verify_signature.sh in this repo:

./verify_signature.sh PATH_TO_DOWNLOADED_ARCHIVE TAG_VERSION

for example

$ ./verify_signature.sh ~/Downloads/oidc-client-demo_0.15.0_Linux_x86_64.tar.gz v0.15.0

Checking Signature for version: v0.15.0
Verified OK