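Standard OIDC client
OIDC discovery
Casdoor has fully implemented the OIDC protocol. If your application already uses a standard OIDC client library to connect to another OAuth 2.0 identity provider and you want to migrate to Casdoor, OIDC discovery makes the switch very easy. Casdoor's OIDC discovery URL is: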
<your-casdoor-backend-host>/.well-known/openid-configuration
For example, the OIDC discovery URL of the demo site is https://door.casdoor.com/.well-known/openid-configuration, and it contains the following information:
{
  "issuer": "https://door.casdoor.com",
  "authorization_endpoint": "https://door.casdoor.com/login/oauth/authorize",
  "token_endpoint": "https://door.casdoor.com/api/login/oauth/access_token",
  "userinfo_endpoint": "https://door.casdoor.com/api/userinfo",
  "jwks_uri": "https://door.casdoor.com/.well-known/jwks",
  "introspection_endpoint": "https://door.casdoor.com/api/login/oauth/introspect",
  "response_types_supported": [
    "code",
    "token",
    "id_token",
    "code token",
    "code id_token",
    "token id_token",
    "code token id_token",
    "none"
  ],
  "response_modes_supported": [
    "login",
    "code",
    "link"
  ],
  "grant_types_supported": [
    "password",
    "authorization_code"
  ],
  "subject_types_supported": [
    "public"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "scopes_supported": [
    "openid",
    "email",
    "profile",
    "address",
    "phone",
    "offline_access"
  ],
  "claims_supported": [
    "iss",
    "ver",
    "sub",
    "aud",
    "iat",
    "exp",
    "id",
    "type",
    "displayName",
    "avatar",
    "permanentAvatar",
    "email",
    "phone",
    "location",
    "affiliation",
    "title",
    "homepage",
    "bio",
    "tag",
    "region",
    "language",
    "score",
    "ranking",
    "isOnline",
    "isAdmin",
    "isGlobalAdmin",
    "isForbidden",
    "signupApplication",
    "ldap"
  ],
  "request_parameter_supported": true,
  "request_object_signing_alg_values_supported": [
    "HS256",
    "HS384",
    "HS512"
  ]
}
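When pointing an existing OIDC client at a new issuer, it is worth checking the discovery document before trusting its endpoints. The following is an added example, not code from Casdoor or from any client library: the function name `validate_discovery`, the rule that every endpoint must be HTTPS on the issuer's host, and the trimmed sample document are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: a trimmed copy of the demo discovery document shown above.
SAMPLE_DOC = """{
  "issuer": "https://door.casdoor.com",
  "authorization_endpoint": "https://door.casdoor.com/login/oauth/authorize",
  "token_endpoint": "https://door.casdoor.com/api/login/oauth/access_token",
  "userinfo_endpoint": "https://door.casdoor.com/api/userinfo",
  "jwks_uri": "https://door.casdoor.com/.well-known/jwks",
  "response_types_supported": ["code", "token", "id_token"],
  "id_token_signing_alg_values_supported": ["RS256"]
}"""

ENDPOINTS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint", "jwks_uri")


def validate_discovery(raw, expected_issuer):
    """Return the settings the client should pin, or raise ValueError."""
    meta = json.loads(raw)  # malformed JSON raises a ValueError subclass
    if not isinstance(meta, dict):
        raise ValueError("discovery document is not a JSON object")
    issuer = meta.get("issuer")
    # OIDC Discovery: the issuer value must be identical to the issuer URL
    # that was used to build the .well-known/openid-configuration request.
    if issuer != expected_issuer:
        raise ValueError(f"issuer mismatch: {issuer!r} != {expected_issuer!r}")
    iss = urlsplit(issuer)
    if iss.scheme != "https" or not iss.netloc:
        raise ValueError("issuer is not an https URL")
    for key in ENDPOINTS:
        url = urlsplit(str(meta.get(key, "")))
        # Assumption (local policy): every endpoint is HTTPS on the issuer's host.
        if url.scheme != "https" or url.netloc != iss.netloc:
            raise ValueError(f"{key} is not https on {iss.netloc}: {meta.get(key)!r}")
    if "code" not in meta.get("response_types_supported", []):
        raise ValueError("authorization code flow is not advertised")
    if "RS256" not in meta.get("id_token_signing_alg_values_supported", []):
        raise ValueError("RS256 ID token signing is not advertised")
    # Pin what the client will use rather than accepting anything advertised.
    return {"issuer": issuer, "response_type": "code", "id_token_alg": "RS256",
            **{key: meta[key] for key in ENDPOINTS}}


if __name__ == "__main__":
    print(validate_discovery(SAMPLE_DOC, "https://door.casdoor.com"))
```

Deployments that serve endpoints from a different host than the issuer need an explicit allow-list in place of the same-host rule.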
List of OIDC client libraries
Below is a list of some OIDC client libraries for languages such as Go and Java:
OIDC client library | Language | Link |
---|---|---|
go-oidc | Go | https://github.com/coreos/go-oidc |
pac4j-oidc | Java | https://www.pac4j.org/docs/clients/openid-connect.html |
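Note that the table above is not exhaustive. For a complete list of OIDC client libraries, you can find more details at:
OIDC UserInfo fields
The following table shows how the OIDC UserInfo fields (returned by the /api/userinfo API) are mapped from the attributes of Casdoor's user table:
Casdoor user field | OIDC UserInfo field |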
---|---|
Id | sub |
originBackend | iss |
Aud | aud |
Name | preferred_username |
DisplayName | name |
Avatar | picture |
Location | address |
Phone | phone |
You can see the definition of UserInfo here.