Results of OpenID Connect Doctor AMOS Project with SEAL Systems (Video and Report, Summer 2022 Project)
This project is one of eight Scrum projects with industry partners that were part of the Summer 2022 AMOS Projects. Below please find the video (you may also like the other videos) and the project summary which details the final result of the project. We run these projects every semester, so please be in touch if you would like to motivate one of your own!
| Project name | OpenID Connect Doctor |
| Project mission | Our ambitious goal is to develop a fast and easy-to-use tool that provides users with an analysis of OpenID Connect tokens and thus allows them to document the endpoint and token structure. Core functionality will be endpoint analysis, requesting tokens, token analysis, and providing a short summary to the user. |
| Industry partner | SEAL Systems AG |
| Project summary | The OpenID Connect Doctor is a tool to test and check OpenID Connect providers. Using the OIDC Doctor, a user can view the endpoint of an OIDC provider and, if valid credentials are provided, view a decoded token. For both the endpoint and the token, the user can check whether the JSON structure of the object matches their own expectations (does value x exist, etc.) by checking it against a schema. Furthermore, the user can validate the token signature either against the public key provided by the OIDC provider or against their own public key. The OIDC Doctor supports three different means of requesting a token: the Password Grant, the Client Credential Grant, and the Authorization Code Flow. A token generated using a different means of authorization can still be validated. Finally, if an error occurs at any point while using the application, the OIDC Doctor keeps a detailed protocol, which can be used to find the reason why the error occurred. |