これの話です。 http://togetter.com/li/463503
(追記 : この考察ではiframeでTwitterの認可URL指定してもX-Frame-Options設定されてるやんけ問題が未解決と思ったらなにやら更新されてたのでもう様子見)
あくまでこれ前提で考えてます。間違ってたらごめんなさいね。
Ryo Ito ritou
ritou
/ gist:5053810
Last active
December 14, 2015 07:49
ritou
/ openssl-rsa-pubkey-handling.pl
Last active
December 13, 2015 20:09
openssl-rsa-pubkey-handling.pl This is RSA Public key Handling.
1. X.509 Cert to Public Key.
2. Modulus, Exponent to Public Key
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env perl | |
| use strict; | |
| use warnings; | |
| use Crypt::OpenSSL::CA; | |
| use Crypt::OpenSSL::RSA; | |
| use Crypt::OpenSSL::Bignum; | |
| use MIME::Base64 qw(decode_base64); |
ritou
/ validate_id_token_using_JSON_WebToken.pl
Created
February 14, 2013 19:50
ID Token validation using JSON::WebToken module
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env perl | |
| use strict; | |
| use warnings; | |
| use Crypt::OpenSSL::CA; | |
| use JSON::WebToken; | |
| use Data::Dump qw(dump); | |
| my $jwt = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjEzNTk0Mjg3MTgsInN1YiI6IlU2WFRQa0YzNGd1dmVzdTVrQktKTmtobXloY0tKX2FqWHFtTDBzZFVJTVUiLCJpYXQiOjEzNTk0MjgxMTgsImF1ZCI6IjVaUDcyYzdDbEQyUXlyR0dmcTFrWXkxMzU5NDIxMjA1IiwiaXNzIjoiaHR0cHM6Ly8ybmRhdXRoLm9wZW5pZGNvbm5lY3QuaW5mbyJ9.g-xh044m2h402Pk9oEvYU-gv7_qjrrY1HuO7BQukC4jhYQMLcXcc8W9orW5vbt7_Hymi9ZU8KRl6Et01L9FXZ73HkFn4DokEPo76LyF1JnVA3DfBuX2izh_qprX-fyzOmq7SxGzWwSnDMJGjRHpWXifyeE8dhwSE4tmC2Cu-FNWqHzkJmYCUQoHwAgAFx4e4oOwcs59Q9o1OA21-p8g8_4_9W9QHf6dUeo42-TdKU82M9KiUrXsaV3X3ed9evLvMkDmHMFPZskd1OgzLQkkQ-1mNhXqlB8fJLOL1LpBC5f_xY1y_iwi6gRnmbHST1c6ji5QawpjBu_HdLV6-0ufyjQ"; |
ritou
/ signatureverification.php
Created
October 19, 2012 10:27
ID Token Verification using JWK URL and x509 URL
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # preparation | |
| ## OpenID Connect library(use only http client) | |
| $ pear install openpear/Akita_OpenIDConnect-alpha | |
| ## RSA Crypt and X.509 handling library | |
| $ pear channel-discover phpseclib.sourceforge.net | |
| $ pear install phpseclib/Crypt_RSA | |
| $ pear install phpseclib/File_X509 | |
| # PHP Source | |
| $ cat signatureverification.php |
OpenID Connect InteropでRPが実施すべきテスト一覧を残しておく。
Use the OP http://www.kodtest.se:8088/ . This OP supports provider info discovery and client registration. When you issue the authorization request specify for instance scope="openid email". To verify that the OP acted on the scope specification you have to do a Userinfo request and check that there it contains email and email_verified claims.
- リクエストでscope=openid emailを指定
- UserInfoレスポンスでemail, verifiedが返ってくることを確認
- Supported :
- http://openid.bitbucket.org/openid-connect-session-1_0.html
- Not Supported yet :
- discovery of OP iframe URL and logout URL
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Ubuntuでoictestを動かすまでにやったこと | |
| $ mkdir ~/oictest | |
| $ cd ~/oictest | |
| # ソース落とす | |
| $ git clone git://github.com/rohe/pyoidc.git | |
| # $ git clone git://github.com/andreassolberg/oictest.git | |
| # oictestは自分でforkしたものを利用する | |
| $ git clone git@github.com:ritou/oictest.git |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ oic_flow_tests.py ryo > ryo.out | |
| $ cat ryo.out | |
| * (mj-00)Client registration Request - OK | |
| * (mj-01)Request with response_type=code - OK | |
| * (oic-code-token)Simple authorization grant flow - OK | |
| * (mj-39)Trying to use access code twice should result in an error - OK | |
| * (mj-40)Trying to use access code twice should result in revoking previous issued tokens - OK | |
| * (oic-code-token-userinfo_bb)Authorization grant flow response_type='code token', | |
| UserInfo request using POST and bearer body authentication - OK | |
| * (mj-02)Request with response_type=token - OK |