|
1 |
| ---- |
2 |
| -title: "OpenID Provider Commands 1.0 - draft 00" |
3 |
| -abbrev: "openid-provider-commands" |
4 |
| -workgroup : "OpenID Connect" |
5 |
| -docname: openid-provider-commands-1_0 |
6 |
| -date: 2024-06-25 |
7 |
| - |
8 |
| -keyword: ["security", "openid", "lifecycle"] |
9 |
| - |
10 |
| -ipr: none |
11 |
| -cat: std |
12 |
| -wg: connect |
13 |
| - |
14 |
| -pi: |
15 |
| - toc: yes |
16 |
| - sortrefs: yes |
17 |
| - symrefs: yes |
18 |
| - private: yes |
19 |
| - |
20 |
| - |
21 |
| -author: |
22 |
| - - |
23 |
| - ins: "D. Hardt" |
24 |
| - name: "Dick Hardt" |
25 |
| - org: "Hellō" |
26 |
| - |
27 |
| - |
28 |
| - - |
29 |
| - ins: "K. McGuinness" |
30 |
| - name: "Karl McGuinness" |
31 |
| - org: "Independent" |
32 |
| - |
33 |
| - |
34 |
| -normative: |
35 |
| - |
36 |
| - OpenID.Core: |
37 |
| - author: |
38 |
| - - ins: N. Sakimura |
39 |
| - name: Nat Sakimura |
40 |
| - - ins: J. Bradley |
41 |
| - name: John Bradley |
42 |
| - - ins: M.B. Jones |
43 |
| - name: Michael B. Jones |
44 |
| - - ins: B. de Medeiros |
45 |
| - name: Breno de Medeiros |
46 |
| - - ins: C. Mortimore |
47 |
| - name: Chuck Mortimore |
48 |
| - date: November 2014 |
49 |
| - target: https://openid.net/specs/openid-connect-core-1_0.html#IDToken |
50 |
| - title: OpenID Connect Core 1.0 - ID Token |
51 |
| - |
52 |
| - |
53 |
| - |
54 |
| ---- abstract |
| 1 | +%%% |
| 2 | +title = "OpenID Provider Commands 1.0 - draft 00" |
| 3 | +abbrev = "openid-provider-commands" |
| 4 | +ipr = "none" |
| 5 | +workgroup = "OpenID Connect" |
| 6 | +keyword = ["security", "openid", "lifecycle"] |
| 7 | + |
| 8 | +[seriesInfo] |
| 9 | +name = "Internet-Draft" |
| 10 | +value = "openid-connect-commands-1_0" |
| 11 | +status = "standard" |
| 12 | + |
| 13 | +[[author]] |
| 14 | +initials="D." |
| 15 | +surname="Hardt" |
| 16 | +fullname="Dick Hardt" |
| 17 | +organization="Hellō" |
| 18 | + [author.address] |
| 19 | + |
| 20 | + |
| 21 | +[[author]] |
| 22 | +initials="K." |
| 23 | +surname="McGuinness" |
| 24 | +fullname="Karl McGuinness" |
| 25 | +organization="Independent" |
| 26 | + [author.address] |
| 27 | + |
| 28 | + |
| 29 | +%%% |
| 30 | + |
| 31 | +.# Abstract |
55 | 32 |
|
56 | 33 | OpenID Connect defines a protocol for an end-user to use an OpenID Provider (OP) to log in to a Relying Party (RP) and assert Claims about the end-user using an ID Token. RPs will often use the identity Claims about the user to implicitly (or explicitly) establish an Account for the user at the RP
|
57 | 34 |
|
58 | 35 | OpenID Provider Commands complements OpenID Connect by introducing a set of Commands for an OP to directly manage an end-user Account at an RP. These Commands enable an OP to activate, maintain, suspend, reactivate, archive, restore, delete, and unauthorize an end-user Account. Command Tokens build on the OpenID Connect ID Token schema and verification, simplifying adoption by RPs.
|
59 | 36 |
|
60 |
| ---- middle |
| 37 | + |
| 38 | +{mainmatter} |
61 | 39 |
|
62 | 40 | # Introduction
|
63 | 41 |
|
@@ -321,7 +299,7 @@ Lifecycle Commands transition the Account between the following states:
|
321 | 299 |
|
322 | 300 | Following are the potential state transitions:
|
323 | 301 |
|
324 |
| -``` |
| 302 | +```text |
325 | 303 | +--------------------------------------- reactivate ---+
|
326 | 304 | | +--- maintain --+ |
|
327 | 305 | | | | |
|
@@ -655,45 +633,45 @@ If there are no Accounts for the Tenant at the RP, the RP responds with only the
|
655 | 633 |
|
656 | 634 | The following is a non-normative example of a Streaming Response for an Audit Tenant Command:
|
657 | 635 |
|
658 |
| -``` |
659 |
| -HTTP/1.1 200 OK |
660 |
| -Content-Type: text/event-stream |
661 |
| -Cache-Control: no-cache |
662 |
| -Connection: keep-alive |
663 |
| -Content-Encoding: gzip |
664 |
| -
|
665 |
| -id: 1 |
666 |
| -event: account-state |
667 |
| -data: { |
668 |
| - "sub": "248289761001", |
669 |
| - |
670 |
| - "given_name": "Jane", |
671 |
| - "family_name": "Smith", |
672 |
| - "groups": [ |
673 |
| - "b0f4861d-f3d6-4f76-be2f-e467daddc6f6", |
674 |
| - "88799417-c72f-48fc-9e63-f012d8822ad1" |
675 |
| - ], |
676 |
| - "account_state": "active" |
677 |
| -} |
| 636 | +```text |
| 637 | + HTTP/1.1 200 OK |
| 638 | + Content-Type: text/event-stream |
| 639 | + Cache-Control: no-cache |
| 640 | + Connection: keep-alive |
| 641 | + Content-Encoding: gzip |
| 642 | +
|
| 643 | + id: 1 |
| 644 | + event: account-state |
| 645 | + data: { |
| 646 | + "sub": "248289761001", |
| 647 | + |
| 648 | + "given_name": "Jane", |
| 649 | + "family_name": "Smith", |
| 650 | + "groups": [ |
| 651 | + "b0f4861d-f3d6-4f76-be2f-e467daddc6f6", |
| 652 | + "88799417-c72f-48fc-9e63-f012d8822ad1" |
| 653 | + ], |
| 654 | + "account_state": "active" |
| 655 | + } |
678 | 656 |
|
679 |
| -id: 2 |
680 |
| -event: account-state |
681 |
| -data: { |
682 |
| - "sub": "98765412345", |
683 |
| - |
684 |
| - "given_name": "John", |
685 |
| - "family_name": "Doe", |
686 |
| - "groups": [ |
687 |
| - "88799417-c72f-48fc-9e63-f012d8822ad1" |
688 |
| - ], |
689 |
| - "account_state": "suspended" |
690 |
| -} |
| 657 | + id: 2 |
| 658 | + event: account-state |
| 659 | + data: { |
| 660 | + "sub": "98765412345", |
| 661 | + |
| 662 | + "given_name": "John", |
| 663 | + "family_name": "Doe", |
| 664 | + "groups": [ |
| 665 | + "88799417-c72f-48fc-9e63-f012d8822ad1" |
| 666 | + ], |
| 667 | + "account_state": "suspended" |
| 668 | + } |
691 | 669 |
|
692 |
| -id: 3 |
693 |
| -event: command-complete |
694 |
| -data: { |
695 |
| - "total_accounts": 2 |
696 |
| -} |
| 670 | + id: 3 |
| 671 | + event: command-complete |
| 672 | + data: { |
| 673 | + "total_accounts": 2 |
| 674 | + } |
697 | 675 | ```
|
698 | 676 |
|
699 | 677 |
|
|