Authentication strategy

OpenID protocol

In order to manage authentication, we decided to support the OpenID Connect (OIDC) protocol, which is a layer on top of the OAuth2 protocol.
This technology has been in active use for years and is heavily supported by many major actors of the Web.
It allows us to separate the authentication layer from the business-logic layer by delegating authentication to a third-party application (the identity provider).
Each platform wishing to join the project must create a client on the server of our partner lescommuns.org. Contact the DFC team for this.
OIDC is a federated, centralized authentication protocol. Other, decentralized protocols such as WebID-OIDC or DID exist but are not yet mature.

JWT token

OpenID Connect authentication is based on the exchange of tokens that follow the JSON Web Token (JWT) standard.
Basically, these tokens are Base64-encoded JSON data. The token is signed by the identity provider, and its signature can be verified with the public key that you can find here.
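The following is an added example, not code from the DFC project, showing what a relying platform has to do with such a token: split the three Base64url-encoded parts, check the signature with the provider's public key, and then validate the issuer, audience and expiry claims before trusting the identity. It generates an RSA key pair in-process so it runs offline; in practice the public key is the one published by the provider, and the issuer URL (`https://idp.example`) and client id (`my-platform`) are placeholders.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims is the subset of OIDC ID-token claims this example checks.
type Claims struct {
	Iss string `json:"iss"`
	Sub string `json:"sub"`
	Aud string `json:"aud"`
	Exp int64  `json:"exp"`
}

// b64 is the unpadded base64url alphabet JWT uses (RFC 7515).
var b64 = base64.RawURLEncoding

// SignRS256 builds a compact JWT: base64url(header).base64url(payload).base64url(signature).
// Only the holder of the private key (the identity provider) can produce a valid signature.
func SignRS256(priv *rsa.PrivateKey, claims Claims) (string, error) {
	header, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	payload, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	signingInput := b64.EncodeToString(header) + "." + b64.EncodeToString(payload)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64.EncodeToString(sig), nil
}

// VerifyRS256 checks the signature with the provider's public key, then validates
// the claims a relying platform must check before trusting the token.
func VerifyRS256(pub *rsa.PublicKey, token, wantIss, wantAud string, now time.Time) (Claims, error) {
	var c Claims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errors.New("malformed token")
	}
	headerJSON, err := b64.DecodeString(parts[0])
	if err != nil {
		return c, err
	}
	var header struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(headerJSON, &header); err != nil {
		return c, err
	}
	// Pin the algorithm: the token must never choose it (rejects "none" and key-type confusion).
	if header.Alg != "RS256" {
		return c, fmt.Errorf("unexpected alg %q", header.Alg)
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return c, err
	}
	// The signature covers the first two parts exactly as they appear on the wire.
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return c, errors.New("invalid signature")
	}
	payloadJSON, err := b64.DecodeString(parts[1])
	if err != nil {
		return c, err
	}
	if err := json.Unmarshal(payloadJSON, &c); err != nil {
		return c, err
	}
	if c.Iss != wantIss {
		return c, fmt.Errorf("unexpected issuer %q", c.Iss)
	}
	if c.Aud != wantAud {
		return c, fmt.Errorf("token not intended for this client (aud %q)", c.Aud)
	}
	if now.Unix() >= c.Exp {
		return c, errors.New("token expired")
	}
	return c, nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // stands in for the provider's key pair
	claims := Claims{Iss: "https://idp.example", Sub: "user-42", Aud: "my-platform", Exp: time.Now().Add(time.Hour).Unix()}
	tok, _ := SignRS256(priv, claims)
	got, err := VerifyRS256(&priv.PublicKey, tok, "https://idp.example", "my-platform", time.Now())
	fmt.Println(got.Sub, err)
	// Re-encoding the payload with a different subject breaks the signature.
	parts := strings.Split(tok, ".")
	forged, _ := json.Marshal(Claims{Iss: claims.Iss, Sub: "admin", Aud: claims.Aud, Exp: claims.Exp})
	parts[1] = b64.EncodeToString(forged)
	_, err = VerifyRS256(&priv.PublicKey, strings.Join(parts, "."), "https://idp.example", "my-platform", time.Now())
	fmt.Println(err)
}
```

The point of the Base64 decoding step is only to read the data; nothing in the token is confidential, and anyone can decode and re-encode the payload. What a platform must rely on is the signature check against the provider's published public key, followed by the issuer, audience and expiry checks, which is why the verification function pins the algorithm instead of trusting the `alg` field the token carries.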

Explanatory scheme

[Figure: Platform authentication not OIDC driven]
[Figure: Platform authentication OIDC driven]