Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve the description and names of the openId features #16697

Merged
merged 15 commits into from
Sep 11, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 11 additions & 11 deletions src/OrchardCore.Modules/OrchardCore.OpenId/Manifest.cs
Original file line number Diff line number Diff line change
Expand Up @@ -2,25 +2,25 @@
using OrchardCore.OpenId;

[assembly: Module(
Name = "OpenID",
Name = "OpenID Connect",
Author = ManifestConstants.OrchardCoreTeam,
Website = ManifestConstants.OrchardCoreWebsite,
Version = ManifestConstants.OrchardCoreVersion
)]

[assembly: Feature(
Id = OpenIdConstants.Features.Core,
Name = "OpenID Core Components",
Name = "OpenID Connect Core Services",
Description = "Provides the foundational services for all OpenID Connect features.",
Category = "OpenID Connect",
Description = "Registers the core components used by the OpenID module.",
EnabledByDependencyOnly = true
)]

[assembly: Feature(
Id = OpenIdConstants.Features.Client,
Name = "OpenID Client",
Name = "OpenID Connect Client Integration",
Description = "Allows authentication of users through an external OpenID Connect authorization server (also known as an identity provider).",
Category = "OpenID Connect",
Description = "Authenticates users from an external OpenID Connect identity provider.",
Dependencies =
[
OpenIdConstants.Features.Core,
Expand All @@ -29,9 +29,9 @@

[assembly: Feature(
Id = OpenIdConstants.Features.Management,
Name = "OpenID Management Interface",
Name = "OpenID Connect Management UI",
Description = "Adds a user interface for managing OpenID Connect applications, scopes and permissions.",
Category = "OpenID Connect",
Description = "Allows adding, editing and removing the registered applications.",
Dependencies =
[
OpenIdConstants.Features.Core,
Expand All @@ -40,9 +40,9 @@

[assembly: Feature(
Id = OpenIdConstants.Features.Server,
Name = "OpenID Authorization Server",
Name = "OpenID Connect Authorization Server",
Description = "Enables Orchard Core to function as an OpenID Connect authorization server/identity provider, supporting authentication and token issuance using OpenID Connect and OAuth 2.0 standards. To enable token validation, activate the 'OpenID Connect Token Validation' feature.",
Category = "OpenID Connect",
Description = "Enables authentication of external applications using the OpenID Connect/OAuth 2.0 standards. In order to reach the ApiController endpoints within OrchardCore, it is necessary to activate the 'OpenID Token Validation' feature for authentication validation.",
Dependencies =
[
OpenIdConstants.Features.Core,
Expand All @@ -52,9 +52,9 @@

[assembly: Feature(
Id = OpenIdConstants.Features.Validation,
Name = "OpenID Token Validation",
Name = "OpenID Connect Token Validation",
Description = "Validates tokens issued by the local OpenID Connect authorization server or other trusted servers supporting JWT and OpenID Connect discovery.",
Category = "OpenID Connect",
Description = "Validates tokens issued by the Orchard OpenID server or by a remote server supporting JWT and OpenID Connect discovery.",
Dependencies =
[
OpenIdConstants.Features.Core,
Expand Down
46 changes: 28 additions & 18 deletions src/docs/reference/modules/OpenId/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,32 +2,42 @@

## OpenID Connect Module

`OrchardCore.OpenId` provides the following features:
`OrchardCore.OpenId` provides robust OpenID Connect functionality, enabling Orchard Core to act as an OpenID Connect server and client. The following features are available:

- Core Components
- Authorization Server
- Management Interface
- Token Validation
- OIDC Client
- **OpenID Connect Core Services**
- **OpenID Connect Authorization Server**
- **OpenID Connect Management UI**
- **OpenID Connect Authorization Server**
- **OpenID Connect Client Integration**

## Core Components
## Core OpenID Connect Services

Registers the core components used by the OpenID module.
This feature provides the essential services that underpin all other OpenID Connect features within Orchard Core. It includes fundamental components needed for secure communication, token handling, and user authentication.

## Management Interface
## OpenID Connect Management UI

Allows adding, editing and removing the registered applications.
Adds a management interface to the Orchard Core admin dashboard, enabling users to manage OpenID Connect applications, define and modify scopes, and configure application permissions through a user-friendly UI.

## Authorization Server
## OpenID Connect Authorization Server

Enables authentication of external applications using the OpenID Connect/OAuth 2.0 standards.
It is based on the [`OpenIddict`](https://github.com/openiddict/openiddict-core) library allowing Orchard Core to act as identity provider to support token authentication without the need of an external identity provider.
Allows Orchard Core to function as an OpenID Connect authorization server, also referred to as an identity provider (IdP). This feature enables authentication and the issuance of tokens, conforming to OpenID Connect and OAuth 2.0 standards.

- Orchard Core can also be used as an identity provider for centralizing the user access permissions to external applications.
- Orchard Core services.
- The authorization server feature maintains its own private JWT/validation handler instance for the userinfo API endpoint. This way, you don't have to enable the token validation feature for current tenant.
Key points:
- Orchard Core can serve as a centralized identity provider, allowing external applications to authenticate users and manage access control.
- Powered by the [`OpenIddict`](https://github.com/openiddict/openiddict-core) library, this feature supports token-based authentication without requiring an external identity provider.
- The authorization server takes care of validating the access tokens received by the `/connect/userinfo` API endpoint, so you don't need to enable the token validation feature for the current tenant.
- To validate issued tokens, ensure the 'OpenID Connect Token Validation' feature is activated.

Flows supported: [code/implicit/hybrid flows](http://openid.net/specs/openid-connect-core-1_0.html) and [client credentials/resource owner password grants](https://tools.ietf.org/html/rfc6749).
Supported flows include:
- [Authorization Code Flow](http://openid.net/specs/openid-connect-core-1_0.html)
- [Implicit Flow](http://openid.net/specs/openid-connect-core-1_0.html)
- [Hybrid Flow](http://openid.net/specs/openid-connect-core-1_0.html)
- [Client Credentials Grant](https://tools.ietf.org/html/rfc6749)
- [Resource Owner Password Grant](https://tools.ietf.org/html/rfc6749)

## OpenID Connect Token Validation

This feature is responsible for validating tokens issued either by Orchard Core's own OpenID Connect authorization server or by other trusted servers. It supports JSON Web Tokens (JWT) and OpenID Connect discovery, ensuring secure and reliable token validation across distributed applications.

### Configuration

Expand Down Expand Up @@ -84,7 +94,7 @@ A sample of OpenID Connect Settings recipe step:
}
```

### Client OpenID Connect Apps Configuration
### OpenID Connect Client Integration Configuration

OpenID Connect apps can be set through OpenID Connect Apps menu in the admin dashboard (through the Management Interface feature)
and also through a recipe step.
Expand Down