Standard OIDC Client

OIDC discovery

Casdoor has fulfilled the OIDC protocol completely. If your application is already running against another OAuth 2.0 (OIDC) identity provider via a standard OIDC client library and you want to migrate to Casdoor, using OIDC discovery will be very easy for you to switch to Casdoor. Casdoor’s OIDC discovery URL is:

  1. <your-casdoor-backend-host>/.well-known/openid-configuration

E.g., the OIDC discovery URL for the demo site is: https://door.casbin.com/.well-known/openid-configuration , with the following content:

  1. {
  2.   "issuer": "https://door.casbin.com",
  3.   "authorization_endpoint": "https://door.casbin.com/login/oauth/authorize",
  4.   "token_endpoint": "https://door.casbin.com/api/login/oauth/access_token",
  5.   "userinfo_endpoint": "https://door.casbin.com/api/get-account",
  6.   "jwks_uri": "https://door.casbin.com/api/certs",
  7.   "response_types_supported": [
  8.     "id_token"
  9.   ],
  10.   "response_modes_supported": [
  11.     "login",
  12.     "code",
  13.     "link"
  14.   ],
  15.   "grant_types_supported": [
  16.     "password",
  17.     "authorization_code"
  18.   ],
  19.   "subject_types_supported": [
  20.     "public"
  21.   ],
  22.   "id_token_signing_alg_values_supported": [
  23.     "RS256"
  24.   ],
  25.   "scopes_supported": [
  26.     "openid",
  27.     "email",
  28.     "profile",
  29.     "address",
  30.     "phone",
  31.     "offline_access"
  32.   ],
  33.   "claims_supported": [
  34.     "iss",
  35.     "ver",
  36.     "sub",
  37.     "aud",
  38.     "iat",
  39.     "exp",
  40.     "id",
  41.     "type",
  42.     "displayName",
  43.     "avatar",
  44.     "permanentAvatar",
  45.     "email",
  46.     "phone",
  47.     "location",
  48.     "affiliation",
  49.     "title",
  50.     "homepage",
  51.     "bio",
  52.     "tag",
  53.     "region",
  54.     "language",
  55.     "score",
  56.     "ranking",
  57.     "isOnline",
  58.     "isAdmin",
  59.     "isGlobalAdmin",
  60.     "isForbidden",
  61.     "signupApplication",
  62.     "ldap"
  63.   ],
  64.   "request_parameter_supported": true,
  65.   "request_object_signing_alg_values_supported": [
  66.     "HS256",
  67.     "HS384",
  68.     "HS512"
  69.   ]
  70. }

List of OIDC client libraries

Here we list a few OIDC client libraries for some languages like Go and Java:

OIDC client libraryLanguageLink
go-oidcGohttps://github.com/coreos/go-oidc
pac4j-oidcJavahttps://www.pac4j.org/docs/clients/openid-connect.html

The above table is far from being complete. For a full list of OIDC client libraries, please see more details at:

  1. https://oauth.net/code/
  2. https://openid.net/
    1. Certified OpenID Connect Implementations
    2. Uncertified OpenID Connect Implementations