JWTConnect is a collection of OpenID Connect (OIDC) Relying Party (RP) client libraries.
At present only the Python implementation is available; Java and JavaScript libraries will follow.
JWTConnect aims to provide complete OIDC RP implementations, and we strive to make them as secure as possible.
Independent of programming language, a common design criterion was that programmers moving between the
languages should recognise the layout. We have therefore tried to keep the APIs as similar as possible.
We split the implementation into four layers, each depending on the layers below it.
Starting from the lowest layer and working upwards, this is a very high-level description of each of them:
cryptojwt
Implements RFC 7515 through RFC 7519 (JWS, JWE, JWK, JWA and JWT) and tools for handling cryptographic keys.
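The following is an added illustration of what this layer does at the RFC 7515/7519 level, written here for this page with the standard library only; it is not cryptojwt's code or API. It builds an HS256 JWS compact serialization and verifies one, pinning the accepted algorithm on the verifier side, comparing the tag in constant time, and checking the `exp` claim only after the signature holds. `DEMO_KEY` is a constructed demo secret.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo secret for HS256; a real RP loads keys from its key store or the OP's JWKS.
DEMO_KEY = b"constructed-demo-secret-at-least-32-bytes-long"


def b64url_encode(data: bytes) -> str:
    """RFC 7515 base64url: URL-safe alphabet with the '=' padding removed."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_compact(claims: dict, key: bytes) -> str:
    """Produce a JWS compact serialization (header.payload.signature) with HS256."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims)
    )
    tag = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(tag)


def verify_compact(token: str, key: bytes, now: int) -> dict:
    """Verify an HS256 compact JWS and return its claims, or raise ValueError.

    The accepted algorithm is fixed by the verifier, not read from the token:
    a header saying "none" or any other alg is rejected before anything else.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    head_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(head_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg %r" % header.get("alg"))
    expected = hmac.new(key, f"{head_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison so a forged tag cannot be confirmed byte by byte.
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature verification failed")
    claims = json.loads(b64url_decode(payload_b64))
    # RFC 7519 time claim: reject an expired token, checked only after the signature.
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("token expired")
    return claims


def demo() -> dict:
    token = sign_compact({"iss": "https://op.example", "sub": "alice", "exp": 2_000_000_000}, DEMO_KEY)
    return verify_compact(token, DEMO_KEY, now=1_900_000_000)
```

The `now` parameter is passed in rather than read from the clock so the expiry check is deterministic and testable; a real verifier would also check `iss`, `aud` and `nbf`, which the higher layers of JWTConnect take care of.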
oidcmsg
Implements a basic Message class with methods for serialising to and deserialising from
urlencoded, JSON and JWT representations.
Oidcmsg defines subclasses for all the requests and responses in OAuth2/OIDC.
Each subclass has a verify method that, based on information in the subclass about the required and optional
claims of a specific request or response, their types and in some cases their allowed values, can verify that
the message is correct as specified by the standard.
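As an added, simplified illustration of that design (written for this page, not oidcmsg's own code), the example below has a base Message class that serialises to and from urlencoded and JSON, plus a per-subclass claim specification that `verify()` checks for presence, type and allowed values. The two subclasses, the attribute names `c_param` and `c_allowed_values`, the error list and the `parse_callback` helper are all choices made here for the illustration.

```python
import json
from urllib.parse import parse_qsl, urlencode


class MessageError(ValueError):
    """Raised when a message does not satisfy its claim specification."""


class Message:
    """A dict of claims plus a per-subclass specification of those claims.

    c_param maps claim name -> (python type, required?); c_allowed_values maps
    claim name -> the values the standard permits for it.
    """
    c_param = {}
    c_allowed_values = {}

    def __init__(self, **claims):
        self._dict = dict(claims)

    def __getitem__(self, name):
        return self._dict[name]

    def __contains__(self, name):
        return name in self._dict

    # Serialisation to and from the two wire formats used by OAuth2/OIDC endpoints.
    def to_urlencoded(self) -> str:
        return urlencode(self._dict)

    @classmethod
    def from_urlencoded(cls, text: str):
        return cls(**dict(parse_qsl(text, strict_parsing=True)))

    def to_json(self) -> str:
        return json.dumps(self._dict, separators=(",", ":"))

    @classmethod
    def from_json(cls, text: str):
        return cls(**json.loads(text))

    def verify(self) -> bool:
        """Check required claims, claim types and allowed values; raise on the first problem."""
        for name, (typ, required) in self.c_param.items():
            if name not in self._dict:
                if required:
                    raise MessageError(f"missing required claim '{name}'")
                continue
            value = self._dict[name]
            if not isinstance(value, typ):
                raise MessageError(f"claim '{name}' must be {typ.__name__}, got {type(value).__name__}")
            allowed = self.c_allowed_values.get(name)
            if allowed is not None and value not in allowed:
                raise MessageError(f"claim '{name}' has disallowed value {value!r}")
        return True


class AuthorizationResponse(Message):
    """Parameters the OP sends back on the redirect_uri in the code flow.

    This RP always sends 'state', so the response must echo it (RFC 6749 4.1.2).
    """
    c_param = {"code": (str, True), "state": (str, True), "iss": (str, False)}


class AuthorizationErrorResponse(Message):
    c_param = {"error": (str, True), "error_description": (str, False), "state": (str, False)}
    # Error codes from RFC 6749 4.1.2.1 and OIDC Core 3.1.2.6 (subset chosen for the illustration).
    c_allowed_values = {"error": [
        "invalid_request", "unauthorized_client", "access_denied", "unsupported_response_type",
        "invalid_scope", "server_error", "temporarily_unavailable",
        "interaction_required", "login_required", "consent_required",
    ]}


def parse_callback(query: str) -> Message:
    """Pick the response class for a callback query string, then verify it."""
    params = dict(parse_qsl(query, strict_parsing=True))
    cls = AuthorizationErrorResponse if "error" in params else AuthorizationResponse
    msg = cls(**params)
    msg.verify()
    return msg
```

The type check matters when the same message arrives as JSON rather than urlencoded: a JSON `"state": 5` passes a presence check but is caught as a type error, which is the kind of standards conformance the real verify methods enforce.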
oidcservice
The RP uses services provided by an AS/OP: WebFinger, provider info discovery, authorisation and so on.
Each of these services is represented by a subclass of a general Service class. Each service class
has access to a Service Context class, which holds information that is specific to an AS/OP but
independent of which user is using the RP to talk to that AS/OP. To keep user-specific information there is an
interface to a State database.
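To make the split between the two kinds of information concrete, here is an added example (written for this page, not oidcservice's code) of a per-OP ServiceContext beside a per-user StateDB. The StateDB binds each `state` value to the issuer it was created for and to the `nonce` sent in the request, so a callback is matched to exactly one outstanding request, is single-use, and expires. The class and function names, the TTL and the `id_token_claims` argument (assumed to carry claims whose signature the lower layer has already verified) are all assumptions of the illustration.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Tuple
from urllib.parse import parse_qsl, urlencode, urlparse


@dataclass
class ServiceContext:
    """Per-OP information shared by every user of this RP. Nothing here names a user."""
    issuer: str
    client_id: str
    redirect_uri: str
    authorization_endpoint: str


class StateDB:
    """Per-user information keyed by the OAuth2 'state' value (in-memory for the example)."""

    def __init__(self, ttl_seconds: int = 600):
        self._store: Dict[str, dict] = {}
        self._ttl = ttl_seconds

    def create(self, issuer: str, now: float) -> Tuple[str, str]:
        """Mint an unguessable state and nonce for one authorization request."""
        state = secrets.token_urlsafe(32)
        nonce = secrets.token_urlsafe(32)
        self._store[state] = {"iss": issuer, "nonce": nonce, "created": now}
        return state, nonce

    def consume(self, state: str, issuer: str, now: float) -> str:
        """Return the nonce bound to `state` and delete the entry, so it cannot be replayed."""
        entry = self._store.pop(state, None)
        if entry is None:
            raise ValueError("unknown or already used state")
        if entry["iss"] != issuer:
            raise ValueError("state was issued for a different OP")
        if now - entry["created"] > self._ttl:
            raise ValueError("state expired")
        return entry["nonce"]


def build_authorization_url(ctx: ServiceContext, db: StateDB, now: float) -> str:
    """Compose the authorization request from OP-wide context plus a fresh per-user state."""
    state, nonce = db.create(ctx.issuer, now)
    params = {
        "response_type": "code", "client_id": ctx.client_id, "redirect_uri": ctx.redirect_uri,
        "scope": "openid", "state": state, "nonce": nonce,
    }
    return ctx.authorization_endpoint + "?" + urlencode(params)


def query_params(url: str) -> dict:
    return dict(parse_qsl(urlparse(url).query, strict_parsing=True))


def handle_callback(ctx: ServiceContext, db: StateDB, query: str,
                    id_token_claims: dict, now: float) -> dict:
    """Match the callback to its request via state, then tie the ID token to it via nonce."""
    params = dict(parse_qsl(query, strict_parsing=True))
    nonce = db.consume(params.get("state", ""), ctx.issuer, now)
    if id_token_claims.get("iss") != ctx.issuer:
        raise ValueError("ID token issuer does not match the OP this request was sent to")
    if id_token_claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch: ID token does not belong to this request")
    return {"code": params["code"], "sub": id_token_claims["sub"]}
```

Because the ServiceContext carries nothing per user, one instance can be shared across all sessions with a given OP, while the StateDB is the only place that needs per-user storage and therefore the only place where lifetime and single-use rules have to be enforced.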
oidcrp
Implements the interface that an implementor who wants to add RP functionality to a program or service
should use. A normal implementor should never have to bother with the underlying libraries.