globuzma/canaille-globuzma
1
0
Fork 0
forked from Github-Mirrors/canaille
Code Pull requests Activity
canaille-globuzma/doc/development/specifications.rst
Éloi Rivard 18a711ef7d
doc: features and use cases documentation
2024-05-21 11:07:07 +02:00

101 lines
7 KiB
ReStructuredText
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Specifications
##############
This page details which specifications are implemented in Canaille, and compares Canaille with other well-known identity providers.
State of the specs in Canaille
==============================
OAuth2
------
-`RFC6749: OAuth 2.0 Framework <https://tools.ietf.org/html/rfc6749>`_
-`RFC6750: OAuth 2.0 Bearer Tokens <https://tools.ietf.org/html/rfc6750>`_
-`RFC7009: OAuth 2.0 Token Revocation <https://tools.ietf.org/html/rfc7009>`_
-`RFC7523: JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants <https://tools.ietf.org/html/rfc7523>`_
-`RFC7591: OAuth 2.0 Dynamic Client Registration Protocol <https://tools.ietf.org/html/rfc7591>`_
-`RFC7592: OAuth 2.0 Dynamic Client Registration Management Protocol <https://tools.ietf.org/html/rfc7592>`_
-`RFC7636: Proof Key for Code Exchange by OAuth Public Clients <https://tools.ietf.org/html/rfc7636>`_
-`RFC7662: OAuth 2.0 Token Introspection <https://tools.ietf.org/html/rfc7662>`_
-`RFC8414: OAuth 2.0 Authorization Server Metadata <https://tools.ietf.org/html/rfc8414>`_
-`RFC8428: OAuth 2.0 Device Authorization Grant <https://tools.ietf.org/html/rfc8428>`_
-`RFC8693: OAuth 2.0 Token Exchange <https://tools.ietf.org/html/rfc8693>`_
-`RFC8705: OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens <https://tools.ietf.org/html/rfc8705>`_
-`RFC8707: Resource Indicators for OAuth 2.0 <https://tools.ietf.org/html/rfc8707>`_
-`RFC9068: JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens <https://tools.ietf.org/html/rfc9068>`_
-`RFC9101: OAuth 2.0 JWT-Secured Authorization Request (JAR) <https://tools.ietf.org/html/rfc9101>`_
-`RFC9126: OAuth 2.0 Pushed Authorization Requests <https://tools.ietf.org/html/rfc9126>`_
-`RFC9207: OAuth 2.0 Authorization Server Issuer Identification <https://tools.ietf.org/html/rfc9207>`_
-`RFC9394: OAuth 2.0 Rich Authorization Requests <https://www.rfc-editor.org/rfc/rfc9396.html>`_
-`OAuth2 Multiple Response Types <https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html>`_
-`OAuth2 Form Post Response Mode <https://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html>`_
OpenID Connect
--------------
-`OpenID Connect Core <https://openid.net/specs/openid-connect-core-1_0.html>`_
-`OpenID Connect Discovery <https://openid.net/specs/openid-connect-discovery-1_0.html>`_
-`OpenID Connect Dynamic Client Registration <https://openid.net/specs/openid-connect-registration-1_0.html>`_
-`OpenID Connect RP Initiated Logout <https://openid.net/specs/openid-connect-rpinitiated-1_0.html>`_
-`OpenID Connect Session Management <https://openid.net/specs/openid-connect-session-1_0.html>`_
-`OpenID Connect Front Channel Logout <https://openid.net/specs/openid-connect-frontchannel-1_0.html>`_
-`OpenID Connect Back Channel Logout <https://openid.net/specs/openid-connect-backchannel-1_0.html>`_
-`OpenID Connect Back Channel Authentication Flow <https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html>`_
-`OpenID Connect Core Error Code unmet_authentication_requirements <https://openid.net/specs/openid-connect-unmet-authentication-requirements-1_0.html>`_
-`Initiating User Registration via OpenID Connect 1.0 <https://openid.net/specs/openid-connect-prompt-create-1_0.html>`_
SCIM
----
-`RFC7642: System for Cross-domain Identity Management: Definitions, Overview, Concepts, and Requirements <https://www.rfc-editor.org/rfc/rfc7642>`_
-`RFC7643: System for Cross-domain Identity Management: Core Schema <https://www.rfc-editor.org/rfc/rfc7642>`_
-`RFC7644: System for Cross-domain Identity Management: Protocol <https://www.rfc-editor.org/rfc/rfc7642>`_
Comparison with other providers
===============================
Here is a feature comparison with other OpenID Connect server software.
Canaille voluntarily only implements the OpenID Connect protocol to keep its codebase simple.
+---------------+-------+-----------+------+---------------------------+--------------+
| Software | Project | Protocols implementations | Backends |
| +-------+-----------+------+------+------+------+------+------+-------+
| | FLOSS | Language | LOC | OIDC | SAML | CAS | SCIM | LDAP | SQL |
+===============+=======+===========+======+======+======+======+======+======+=======+
| Canaille | ✅  | Python | 10k | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ |
+---------------+-------+-----------+------+------+------+------+------+------+-------+
| `Auth0`_ | ❌  | ❔ | ❔ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ |
+---------------+-------+-----------+------+------+------+------+------+------+-------+
| `Authelia`_ | ✅  | Go | 50k | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ |
+---------------+-------+-----------+------+------+------+------+------+------+-------+
| `Authentic2`_ | ✅  | Python | 65k | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
+---------------+-------+-----------+------+------+------+------+------+------+-------+
| `Authentik`_ | ✅  | Python | 55k | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ |
+---------------+-------+-----------+------+------+------+------+------+------+-------+
| `CAS`_ | ✅  | Java | 360k | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
+---------------+-------+-----------+------+------+------+------+------+------+-------+
| `Connect2id`_ | ❌  | ❔ | ❔ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ |
+---------------+-------+-----------+------+------+------+------+------+------+-------+
| `Gluu`_ | ✅  | Java | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ |
+---------------+-------+-----------+------+------+------+------+------+------+-------+
| `Hydra`_ | ✅  | Go | 50k | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ |
+---------------+-------+-----------+------+------+------+------+------+------+-------+
| `Keycloak`_ | ✅  | Java | 600k | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
+---------------+-------+-----------+------+------+------+------+------+------+-------+
| `LemonLDAP`_ | ✅  | Perl | 130k | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
+---------------+-------+-----------+------+------+------+------+------+------+-------+
| `Okta`_ | ❌  | ❔ | ❔ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ |
+---------------+-------+-----------+------+------+------+------+------+------+-------+
.. _Auth0: https://auth0.com
.. _Authelia: https://authelia.com
.. _Authentic2: https://dev.entrouvert.org/projects/authentic
.. _Authentik: https://goauthentik.io
.. _CAS: https://apereo.github.io/cas
.. _Connect2id: https://connect2id.com
.. _Gluu: https://gluu.org
.. _Hydra: https://ory.sh
.. _Keycloak: https://keycloak.org
.. _LemonLDAP: https://lemonldap-ng.org
.. _Okta: https://okta.com
View git blame Copy permalink