Proof of concept - JWT Federations

Notice: This is experimental proof-of-concept software for experimenting with and learning about building trust between OpenID Connect and OAuth entities. It cannot be used for any production systems.

JWTFed is a Node.js library that implements creating and signing entity statements, validating entity statements and trust chains, a WebFinger client for fetching entity statements, resolving protocol-specific metadata, and more.

There is a demo script that generates a chain of entity statements and then validates it.

JWTserver is a Node.js server that can act as a federation issuing statements about clients, providers or other federations. It also implements the WebFinger lookup points needed for both clients and providers to serve their own metadata.

Demo deployment

Here are a few entities that are currently running and can be used for experimentation and demos.

https://serviceprovider.andreas.labs.uninett.no/application1007
https://ntnu.andreas.labs.uninett.no/
https://feide.andreas.labs.uninett.no/jwtfederation
https://edugain.andreas.labs.uninett.no/openid

Self issued statement from serviceprovider

NTNU issues statement about serviceprovider

Feide issues statement about NTNU

eduGAIN issues statement about Feide
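
The chain of statements listed above (eduGAIN, Feide, NTNU, serviceprovider), validated against a locally configured trust root, as an added example that is not JWTFed's own code or wire format. The "jwk" claim, the short entity ids and the Ed25519 keys are assumptions made for illustration.

```javascript
// Added example: simplified statement chain, not JWTFed's API or wire format.
const crypto = require('crypto');

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (str) => JSON.parse(Buffer.from(str, 'base64url').toString('utf8'));

// The issuer vouches for the subject's public key (hypothetical claim "jwk").
function signStatement(issuer, subject, extra = {}) {
  const payload = { iss: issuer.id, sub: subject.id,
    jwk: subject.publicKey.export({ format: 'jwk' }),
    exp: Math.floor(Date.now() / 1000) + 300, ...extra };
  const input = `${enc({ alg: 'EdDSA' })}.${enc(payload)}`;
  const sig = crypto.sign(null, Buffer.from(input), issuer.privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// Verify one statement with a key that is already trusted; return its payload.
function verifyStatement(jws, trustedJwk) {
  const [h, p, s] = jws.split('.');
  if (!h || !p || !s) throw new Error('malformed statement');
  if (dec(h).alg !== 'EdDSA') throw new Error('unexpected alg'); // pin the algorithm
  const key = crypto.createPublicKey({ key: trustedJwk, format: 'jwk' });
  const ok = crypto.verify(null, Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const payload = dec(p);
  if (!(payload.exp > Date.now() / 1000)) throw new Error('expired');
  return payload;
}

// chain is ordered root-first and ends with the leaf's self-issued statement.
function validateChain(chain, root) {
  let expectedIss = root.id, key = root.jwk, st;
  for (const jws of chain) {
    st = verifyStatement(jws, key);          // signed by the key vouched for one level up
    if (st.iss !== expectedIss) throw new Error('issuer does not match previous subject');
    expectedIss = st.sub; key = st.jwk;      // this subject issues the next statement
  }
  if (!st || st.iss !== st.sub) throw new Error('chain does not end in a self-issued statement');
  return st; // leaf payload, now anchored in the locally configured root
}

// Constructed demo entities mirroring the four issuers above (hypothetical short ids).
const entity = (id) => ({ id, ...crypto.generateKeyPairSync('ed25519') });
const [edugain, feide, ntnu, sp] = ['edugain', 'feide', 'ntnu', 'sp'].map(entity);
const chain = [signStatement(edugain, feide), signStatement(feide, ntnu),
  signStatement(ntnu, sp), signStatement(sp, sp, { metadata: { client_name: 'demo' } })];
const root = { id: 'edugain', jwk: edugain.publicKey.export({ format: 'jwk' }) };
console.log(validateChain(chain, root).metadata); // metadata of the validated leaf
```

Only the root's key is configured locally; every other key is accepted solely because the statement one level up vouches for it, so replacing any intermediate statement with one signed by a different key fails validation.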

Running a test

You can clone the jwtfed repository and run a CLI command to look up the OpenID Connect Client metadata for our demo client, with a locally configured eduGAIN trust root, like this:

clear; node lookup.js openidClient https://serviceprovider.andreas.labs.uninett.no/application1007