OpenID Connect 1.0 in Haskell
An OpenID Connect 1.0 compliant library written in Haskell.
The primary goals of this package are security and usability.
This library mostly focuses on the client side of the OpenID Connect protocol.
Authorization Code (see
- Implicit (partial implementation, patches welcome) (§3.2)
- Hybrid (partial implementation, patches welcome) (§3.3)
- ID Token validation via the jose library (§2)
- Additional OIDC claim validation (e.g.,
azp, etc.) (§2)
- Full support for all defined forms of client authentication (§9)
- Handles session cookie generation and validation (§18.104.22.168, §15.5.2)
- Dynamic Client Registration 1.0.
Some utility types and functions are available to assist in the writing of an OIDC Provider:
- Discovery document (OpenID Connect Discovery 1.0 §3)
- Key generation (simple wrapper around jose)
We plan on fully certifying this implementation using the following profiles:
- Basic Relying Party
- Implicit Relying Party
- Hybrid Relying Party
- Relying Party Using Configuration Information
- Dynamic Relying Party
- Form Post Relying Party