OpenID Connect

OCaml and ReasonML native

Ulrik Strid

@ulrikstrid - GitHub, Twitter and Discord

DevOps @ Xenit AB
Building OIDC providers and other fun stuff

We're hiring!

Why OIDC?

Open standard
Easy to integrate

How does it work?

Providers and Clients

Authentication flows

Didn't you say OCaml?

OCaml OIDC client

Certification process

Build your library

Setup e2e tests

Complete all tests

Send results

So what?

It should work with any implementation

(that follows the standard)

My road to a certified library

What was there?

  • Mirage crypto (formerly Nocrypto)
  • Uri, Base64, yojson ... etc
  • Hype around Httpaf

What was not?

  • No solid JWT/JWK implementation
  • No nice (for me) web story
    • Cohttp was "slow"
    • No cookie solution

JOSE

JavaScript Object Signing and Encryption

  • ocaml-jwt
  • jwto

Needed more than they provided
JWK is an important missing piece in both

ocaml-cookie

I got tired of doing cookies ad-hoc

Test suite with 100 or so tests
from IETF's http-state working group

Morph

A web framework

Grew out of me trying to build an OIDC Provider

Lowering my goals

Client instead of a Provider

Slightly easier (less state)

More useful for others

Not as cool

Thanks

Antonio Monteiro

(Well maintained) Httpaf fork

H2 - HTTP/2 implementation

Piaf - Superb HTTP client (and server)

A lot of feedback and pushing

Demo time!

Questions?

Links

https://openid.net/
OpenID Foundation

https://github.com/ulrikstrid/ocaml-oidc
OpenID Connect for OCaml and Reason

https://github.com/ulrikstrid/reason-jose
JWT, JWE and JWK for native

https://github.com/reason-native-web/morph