跳到主内容

标准OIDC 客户端

OIDC discovery

Casdoor 完全实现了OIDC协议。 如果您的应用程序已经运行了另一个 OAuth 2,那么 (OIDC) 身份提供商一般会通过标准的 OIDC 客户端库提供服务,如果您想要迁移到Casdoor, 使用 OIDC discovery会帮助您非常容易地切换到Casdoor。 Cassdoor's OIDC discovery URL 是:

<your-casdoor-backend-host>/.well-known/openid-configuration

例如,演示站点的 OIDC discovery URL是:https://door.casdoor.com/.well-known/openid-configuration , 具有以下内容:

{
"issuer": "https://door.casdoor.com",
"authorization_endpoint": "https://door.casdoor.com/login/oauth/authorize",
"token_endpoint": "https://door.casdoor.com/api/login/oauth/access_token",
"userinfo_endpoint": "https://door.casdoor.com/api/userinfo",
"jwks_uri": "https://door.casdoor.com/.well-known/jwks",
"introspection_endpoint": "https://door.casdoor.com/api/login/oauth/introspect",
"response_types_supported": [
"code",
"token",
"id_token",
"code token",
"code id_token",
"token id_token",
"code token id_token",
"none"
],
"response_modes_supported": [
"login",
"code",
"link"
],
"grant_types_supported": [
"password",
"authorization_code"
],
"subject_types_supported": [
"public"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"scopes_supported": [
"openid",
"email",
"profile",
"address",
"phone",
"offline_access"
],
"claims_supported": [
"iss",
"ver",
"sub",
"aud",
"iat",
"exp",
"id",
"type",
"displayName",
"avatar",
"permanentAvatar",
"email",
"phone",
"location",
"affiliation",
"title",
"homepage",
"bio",
"tag",
"region",
"language",
"score",
"ranking",
"isOnline",
"isAdmin",
"isGlobalAdmin",
"isForbidden",
"signupApplication",
"ldap"
],
"request_parameter_supported": true,
"request_object_signing_alg_values_supported": [
"HS256",
"HS384",
"HS512"
]
}

OIDC 客户端库列表

这里我们列出了一些OIDC 客户端库,如Go 和 Java 等语言:

OIDC 客户端库语言链接
go-oidcGohttps://github.com/coreos/go-oidc
pac4j-oidcJavahttps://www.pac4j.org/docs/clients/openid-connect.html

上表远远没有完成。 OIDC 客户端库的完整列表请查看更多详情:

  1. https://oauth.net/code/
  2. https://openid.net/
    1. 认证的 OpenID Connect 实现
    2. 未认证的 OpenID Connect 实现

OIDC UserInfo fields

The following table shows how OIDC UserInfo fields (via /api/userinfo API) are mapped from properties of Casdoor's User table:

Casdoor User FieldOIDC UserInfo Field
Idsub
originBackendiss
Audaud
Namepreferred_username
DisplayNamename
Emailemail
Avatarpicture
Locationaddress
Phonephone

See UserInfo's definition here: https://github.com/casdoor/casdoor/blob/95ab2472ce84c479be43d6fc4db6533fc738b259/object/user.go#L175-L185