OAuth2 and OpenID Connect section needs reference to certified libraries #28
Comments
The guides we have right now are on implementing OAuth/OIDC clients, where I'm not sure if there are certifications for it.
The OpenID Foundation lists certified libraries. It is sad that you limit yourself to your own implementation... Using certified libraries still requires configuration and architecture to make it a production-grade service, which is a part where your guidance is important. Still, even if you want to hear just about self-implementation, if you had explored the link provided a little bit more, you would have seen that the OpenID Foundation also provides a program for one to certify their OAuth2 / OIDC implementation: https://openid.net/how-to-certify-your-implementation/ So why do you close this issue?
Sorry, it was very late at night and I mixed up relying parties and identity providers. I'll update the page to mention certified implementations. I don't plan to go into specific configuration recommendations though, since that's out of scope of the book. Honestly, I should probably create a dedicated page on OIDC.
While other sections like password storage give recommendations of library usage to support security functions, the OAuth2/OpenID Connect sections don't do the same.
This should link to OIDC certified implementations by the OpenID Foundation: https://openid.net/developers/certified-openid-connect-implementations/