OpenID Connect Editor's Drafts
Below are links to the HTML versions of the editor's drafts of the specifications and implementer's guides:
Editor's Drafts of Errata Updates to Final Specifications
- Core - Defines the core OpenID Connect functionality: authentication built on top of OAuth 2.0 and the use of Claims to communicate information about the End-User
- Discovery - Defines how RPs dynamically discover information about OpenID Providers
- Dynamic Registration - Defines how RPs dynamically register with OpenID Providers
- Back-Channel Logout - Defines a logout mechanism that uses direct back-channel communication between the OP and RPs being logged out
Editor's Drafts of Specifications with Implementer's Draft Status
- OpenID Federation - Defines how sets of parties can establish trust by utilizing a Federation Operator
- Self-Issued OpenID Provider V2 - Enables End-users to use OpenID Providers (OPs) that they control
- OpenID for Verifiable Presentations - This specification defines a mechanism on top of OAuth 2.0 to allow presentation of claims in the form of verifiable credentials as part of the protocol flow
Editor's Drafts of Final Specifications without Errata Updates
- OAuth 2.0 Multiple Response Types - Defines several specific new OAuth 2.0 response types
- OAuth 2.0 Form Post Response Mode - Defines how to return OAuth 2.0 Authorization Response parameters (including OpenID Connect Authentication Response parameters) using HTML form values that are auto-submitted by the User Agent using HTTP POST
- OpenID 2.0 to OpenID Connect Migration - Defines how to migrate from OpenID 2.0 to OpenID Connect
- OpenID Connect RP-Initiated Logout - Defines how a Relying Party requests that an OpenID Provider log out the End-User
- Session Management - Defines how to manage OpenID Connect sessions, including postMessage-based logout functionality
- Front-Channel Logout - Defines a front-channel logout mechanism that does not use an OP iframe on RP pages
Editor's Drafts of Other Specifications
- Initiating User Registration via OpenID Connect - Defines the prompt=create authentication request parameter
- OpenID Connect Core Error Code unmet_authentication_requirements - Defines the unmet_authentication_requirements authentication response error code
- OpenID Connect Native SSO for Mobile Apps - Enables native applications by the same vendor to share login information
- OpenID Connect Profile for SCIM Services - (Inactive) Defines how to use SCIM with OpenID Connect
- OpenID Connect Claims Aggregation - Enables RPs to request and Claims Providers to return aggregated claims through OPs
- OpenID for Verifiable Credential Issuance - This specification defines an API and corresponding OAuth-based authorization mechanisms for issuance of verifiable credentials/li>
- OpenID Connect UserInfo Verifiable Credentials - Enables UserInfo responses as Verifiable Credentials
- OpenID for Verifiable Presentations over BLE - This document defines how Bluetooth Low Energy (BLE) can be used to request the presentation of verifiable credentials using the request and response syntax as defined by OpenID 4 Verifiable Presentations.
- Security and Trust in OpenID for Verifiable Credentials - This specification describes the trust architecture in OpenID for Verifiable Credentials (VCs), outlines security considerations and requirements for the components in an ecosystem, and provides an informal security analysis of the OpenID 4 VC protocols.
Editor's Drafts of Implementer's Guides
- Basic Client Implementer's Guide - (Implementer's Guide) Simple subset of the Core functionality for a web-based Relying Party using the OAuth code flow
- Implicit Client Implementer's Guide - (Implementer's Guide) Simple subset of the Core functionality for a web-based Relying Party using the OAuth implicit flow
Issue Tracking
To submit an issue to the specifications, use the following syntax in the issue title:
<SpecAbbrev> - <Section.Number> <Descritpion>.
For example, to submit a comment on section 4.3.2 of the Core spec, write the title as
Core - 4.3.2 This is the title for the issue
The <Component>
values in the issue tracker are currently:
- All
- Core
- Discovery
- Registration
- Session
- Responses
- FrontChannel
- BackChannel
- Basic
- Implicit
Working with the Repository
This working repository uses Git for version control. The server is at bitbucket.org.
To work on the repository, you need to do the following:
- Fill in the Contribution Agreement so that you join "OpenID AB/Connect Working Group."
- (If you do not already have one, create a Bitbucket account).
Then start working with the repository as:
- Clone the repository. (The command to use is on https://bitbucket.org/openid/connect/src/master.)
Make sure that:
- You only do one edit per commit.
- You include the <command> and <issue number> in the commit message (see below).
For more details, see: http://confluence.atlassian.com/display/BITBUCKET/Bitbucket+101
Commit Messages
When making a commit, use the following syntax for the commit messages so that the issues are linked to the commit:
<command> <issue id>
For example:
Fix #45 - Typo fixed
<command> can be one of the followings:
close/closed/closes/closing/fix/fixed/fixes # resolves the issue
reopen/reopens/reopening # reopens the issue
addresses/re/references/ref/refs/see # adds a link to the changeset as a comment for the issue
The <issue id>
SHOULD be specified as #45
etc.