django-oidc-provider/docs/index.rst

Welcome to Django OIDC Provider Documentation!
==============================================

This tiny (but powerful!) package can help you to provide out of the box all the endpoints, data and logic needed to add OpenID Connect capabilities to your Django projects. And as a side effect a fair implementation of OAuth2.0 too. Covers Authorization Code, Implicit and Hybrid flows.

Also implements the following specifications:

* `OpenID Connect Discovery 1.0 <https://openid.net/specs/openid-connect-discovery-1_0.html>`_
* `OpenID Connect Session Management 1.0 <https://openid.net/specs/openid-connect-session-1_0.html>`_
* `OAuth 2.0 for Native Apps <https://tools.ietf.org/html/draft-ietf-oauth-native-apps-01>`_
* `OAuth 2.0 Resource Owner Password Credentials Grant <https://tools.ietf.org/html/rfc6749#section-4.3>`_
* `Proof Key for Code Exchange by OAuth Public Clients <https://tools.ietf.org/html/rfc7636>`_

--------------------------------------------------------------------------------

Before getting started there are some important things that you should know:

* Despite that implementation MUST support TLS, you *can* make request without using SSL. There is no control on that.
* Supports only requesting Claims using Scope values, so you cannot request individual Claims.
* If you enable the Resource Owner Password Credentials Grant, you MUST implement protection against brute force attacks on the token endpoint

--------------------------------------------------------------------------------

Contents:

.. toctree::
   :maxdepth: 2

   sections/installation
   sections/relyingparties
   sections/serverkeys
   sections/templates
   sections/scopesclaims
   sections/userconsent
   sections/oauth2
   sections/accesstokens
   sections/sessionmanagement
   sections/tokenintrospection
   sections/settings
   sections/signals
   sections/examples
   sections/contribute
   sections/changelog
..

Indices and tables
==================

* :ref:`genindex`
* :ref:`modindex`
* :ref:`search`
Upload new docs. 2016-02-11 20:24:34 +00:00			`Welcome to Django OIDC Provider Documentation!`
			`==============================================`
Add new docs using sphinx. 2016-02-11 17:31:30 +00:00
Sphinx documentation fixes (#219) * Small wording change + fix in example template code * Added note about UserConsent not being in the admin * Mostly spelling corrections and phrasing changes * Moved template context explation from the settings to the templates page * Changed wording * Changed wording 2017-12-14 17:30:46 +00:00			`This tiny (but powerful!) package can help you to provide out of the box all the endpoints, data and logic needed to add OpenID Connect capabilities to your Django projects. And as a side effect a fair implementation of OAuth2.0 too. Covers Authorization Code, Implicit and Hybrid flows.`
Upload new docs. 2016-02-11 20:24:34 +00:00
Update docs. 2016-04-08 19:56:20 +00:00			`Also implements the following specifications:`

Add initial doc for session management. 2016-10-28 19:56:06 +00:00			* `OpenID Connect Discovery 1.0 <https://openid.net/specs/openid-connect-discovery-1_0.html>`_
			* `OpenID Connect Session Management 1.0 <https://openid.net/specs/openid-connect-session-1_0.html>`_
Update docs. 2016-04-08 19:56:20 +00:00			* `OAuth 2.0 for Native Apps <https://tools.ietf.org/html/draft-ietf-oauth-native-apps-01>`_
Merge develop to v0.5.x (#179) * Log create_uri_response exceptions to logger.exception * Support grant type password - basics * Add tests for Resource Owner Password Credentials Flow * Password Grant -Response according to specification * Better tests for errors, disable grant type password by default * Add documentation for grant type password * User authentication failure to return 403 * Add id_token to response * skipping consent only works for confidential clients * fix URI fragment example not working URL `http://localhost:8100/#/auth/callback/` * OIDC_POST_END_SESSION_HOOK + tests * Explicit function naming * Remove print statements * No need for semicolons, this is Python * Update CHANGELOG.md * fixed logger message * Improved `exp` value calculation * rename OIDC_POST_END_SESSION_HOOK to OIDC_AFTER_END_SESSION_HOOK * added docs for OIDC_AFTER_END_SESSION_HOOK * Replaces `LOGIN_URL` with `OIDC_LOGIN_URL` so users can use a different login path for their oidc requests. * Adds a setting variable for custom template paths * Updates documentation * Fixed bad try/except/finally block * Adds test for OIDC_TEMPLATES settings * Determine value for op_browser_state from session_key or default * Do not use cookie for browser_state. It may not yet be there * Add docs on new setting OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY * Fix compatibility for older versions of Django * solved merging typo for missing @property 2017-05-05 03:19:57 +00:00			* `OAuth 2.0 Resource Owner Password Credentials Grant <https://tools.ietf.org/html/rfc6749#section-4.3>`_
Update docs. 2016-04-08 19:56:20 +00:00			* `Proof Key for Code Exchange by OAuth Public Clients <https://tools.ietf.org/html/rfc7636>`_

Modify docs. 2016-02-12 19:22:47 +00:00			`--------------------------------------------------------------------------------`

Upload new docs. 2016-02-11 20:24:34 +00:00			`Before getting started there are some important things that you should know:`

Sphinx documentation fixes (#219) * Small wording change + fix in example template code * Added note about UserConsent not being in the admin * Mostly spelling corrections and phrasing changes * Moved template context explation from the settings to the templates page * Changed wording * Changed wording 2017-12-14 17:30:46 +00:00			`* Despite that implementation MUST support TLS, you can make request without using SSL. There is no control on that.`
			`* Supports only requesting Claims using Scope values, so you cannot request individual Claims.`
Merge develop to v0.5.x (#179) * Log create_uri_response exceptions to logger.exception * Support grant type password - basics * Add tests for Resource Owner Password Credentials Flow * Password Grant -Response according to specification * Better tests for errors, disable grant type password by default * Add documentation for grant type password * User authentication failure to return 403 * Add id_token to response * skipping consent only works for confidential clients * fix URI fragment example not working URL `http://localhost:8100/#/auth/callback/` * OIDC_POST_END_SESSION_HOOK + tests * Explicit function naming * Remove print statements * No need for semicolons, this is Python * Update CHANGELOG.md * fixed logger message * Improved `exp` value calculation * rename OIDC_POST_END_SESSION_HOOK to OIDC_AFTER_END_SESSION_HOOK * added docs for OIDC_AFTER_END_SESSION_HOOK * Replaces `LOGIN_URL` with `OIDC_LOGIN_URL` so users can use a different login path for their oidc requests. * Adds a setting variable for custom template paths * Updates documentation * Fixed bad try/except/finally block * Adds test for OIDC_TEMPLATES settings * Determine value for op_browser_state from session_key or default * Do not use cookie for browser_state. It may not yet be there * Add docs on new setting OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY * Fix compatibility for older versions of Django * solved merging typo for missing @property 2017-05-05 03:19:57 +00:00			`* If you enable the Resource Owner Password Credentials Grant, you MUST implement protection against brute force attacks on the token endpoint`
Add new docs using sphinx. 2016-02-11 17:31:30 +00:00
Modify docs. 2016-02-12 19:22:47 +00:00			`--------------------------------------------------------------------------------`

Add new docs using sphinx. 2016-02-11 17:31:30 +00:00			`Contents:`

			`.. toctree::`
			`:maxdepth: 2`
Provide doc for user consent model. 2016-06-13 16:26:33 +00:00
Modify docs. 2016-02-12 19:22:47 +00:00			`sections/installation`
Update docs. 2016-04-08 19:56:20 +00:00			`sections/relyingparties`
Modify docs. 2016-02-12 19:22:47 +00:00			`sections/serverkeys`
			`sections/templates`
Update docs. 2016-09-19 21:05:29 +00:00			`sections/scopesclaims`
Provide doc for user consent model. 2016-06-13 16:26:33 +00:00			`sections/userconsent`
Add OAuth2 documentation. 2016-02-18 19:24:31 +00:00			`sections/oauth2`
Improve docs. 2016-09-26 20:15:32 +00:00			`sections/accesstokens`
Add initial doc for session management. 2016-10-28 19:56:06 +00:00			`sections/sessionmanagement`
Token Introspection docs (#257) Added a new doc page related to Token Introspection Endpoint. The documentation includes some introduction with links to the related RFCs and examples. 2018-10-08 04:53:42 +00:00			`sections/tokenintrospection`
Modify docs. 2016-02-12 19:22:47 +00:00			`sections/settings`
Provide doc for signals. 2016-12-01 19:20:53 +00:00			`sections/signals`
Add more doc. 2016-09-06 18:38:52 +00:00			`sections/examples`
Modify docs. 2016-02-12 19:22:47 +00:00			`sections/contribute`
Move changelog into docs. 2018-04-05 20:27:01 +00:00			`sections/changelog`
Upload new docs. 2016-02-11 20:24:34 +00:00			`..`
Add new docs using sphinx. 2016-02-11 17:31:30 +00:00
			`Indices and tables`
			`==================`

			* :ref:`genindex`
			* :ref:`modindex`
			* :ref:`search`