AB/Connect Working Group - Specifications
The AB/Connect working group is a combined working group of the Artifact Binding (AB) Working Group and the Connect Working Group aimed at producing the OAuth 2.0 based “OpenID Connect” specifications. It also includes a project named OpenID for Verifiable Credentials which consists of three specifications. AB/Connect Working Group
OVERVIEW
AB/Connect Working Group
CHARTER
AB/Connect Working Group
SPECIFICATIONS
AB/Connect Working Group
REPOSITORY
The working group has been developing the following specifications:
Final Specifications
- OpenID Connect Core – Defines the core OpenID Connect functionality: authentication built on top of OAuth 2.0 and the use of claims to communicate information about the End-User
- OpenID Connect Discovery – Defines how clients dynamically discover information about OpenID Providers
- OpenID Connect Dynamic Registration – Defines how clients dynamically register with OpenID Providers
- OAuth 2.0 Multiple Response Types – Defines several specific new OAuth 2.0 response types
- OAuth 2.0 Form Post Response Mode – Defines how to return OAuth 2.0 Authorization Response parameters (including OpenID Connect Authentication Response parameters) using HTML form values that are auto-submitted by the User Agent using HTTP POST
- OpenID 2.0 to OpenID Connect Migration 1.0 – Defines how to migrate from OpenID 2.0 to OpenID Connect
- OpenID Connect RP-Initiated Logout – Defines how a Relying Party requests that an OpenID Provider log out the End-User
- Session Management – Defines how to manage OpenID Connect sessions, including postMessage-based logout and RP-initiated logout functionality
- Front-Channel Logout – Defines a front-channel logout mechanism that does not use an OP iframe on RP pages
- Back-Channel Logout – Defines a logout mechanism that uses direct back-channel communication between the OP and RPs being logged out
- OpenID Connect Core Error Code unmet_authentication_requirements – Defines the unmet_authentication_requirements authentication response error code
- Initiating User Registration via OpenID Connect – Defines the prompt=create authentication request parameter
Implementer's Drafts
- OpenID Connect Federation 1.0 – Defines how sets of OPs and RPs can establish trust by utilizing a Federation Operator
– Implementer’ Draft (version that reflects most recent changes since the last WG draft)
– Prior Draft - Self-Issued OpenID Provider V2 – Enables End-users to use OpenID Providers (OPs) that they control
– Implementer’s Draft (version that reflects the most recent changes since the last WG draft)
– Prior draft - OpenID Connect Native SSO for Mobile Apps – Enables native applications by the same vendor to share login information
– Implementer’s Draft (version that reflects the most recent changes since the last WG draft)
– Previous draft
Drafts
- OpenID Connect Profile for SCIM Services – (Inactive) Defines how to use SCIM with OpenID Connect
- OpenID Connect Claims Aggregation – Enables RPs to request and Claims Providers to return aggregated claims through OPs
Resources
Two implementer’s guides are also available to serve as self-contained references for implementers of basic Web-based Relying Parties:
- Basic Client Implementer’s Guide – Simple subset of the Core functionality for a web-based Relying Party using the OAuth code flow
- Implicit Client Implementer’s Guide – Simple subset of the Core functionality for a web-based Relying Party using the OAuth implicit flow