# Authentication strategy

## OpenID protocol

To manage authentication, we have decided to support the [OpenID Connect protocol](https://openid.net/connect/) (OIDC), which is a layer on top of the [OAuth2 protocol](https://oauth.net/2/).

This technology has been in use for years and is heavily supported by many major actors of the Web.

It allows us to separate the authentication layer from the business logic by calling a third-party application.

Each platform wishing to join the project must create a client on the server of our partner lescommuns.org. Contact the DFC team for this.

OIDC is a federated and centralized authentication protocol. Other, decentralized protocols such as WebID-OIDC or DID exist but are not mature.

## JWT token

OpenID authentication is based on the exchange of tokens that follow the [JSON Web Token standard](https://jwt.io/).

Basically, these tokens are JSON data encoded in base64. Each token is signed, and its signature can be checked using the public key that you can find [here](https://simonlouvet.github.io/config-private/DFC-Proto/config.json).
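
The following is an added example, not code from the DFC project: a platform-side check that verifies a token's signature with the provider's public key before trusting its claims. It assumes RS256 signing (the page does not name the algorithm); `signJwt`, `verifyJwt`, `check`, the issuer URL and the client id are hypothetical names and constructed values.

```javascript
// Added example (not DFC project code): verify an RS256 JWT with Node's crypto module.
const nodeCrypto = require('crypto');

const decodePart = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
const encodePart = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Stand-in for the OpenID provider: signs with the PRIVATE key (constructed test helper).
function signJwt(header, claims, privateKey) {
  const signingInput = `${encodePart(header)}.${encodePart(claims)}`;
  const signature = nodeCrypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Platform side: verifies with the provider's PUBLIC key, then checks the claims.
function verifyJwt(token, publicKey, { issuer, audience, now }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  // Pin the algorithm; a token must not choose how it gets verified (e.g. "none").
  if (decodePart(head).alg !== 'RS256') throw new Error('unexpected alg');
  const valid = nodeCrypto.verify('RSA-SHA256', Buffer.from(`${head}.${body}`),
    publicKey, Buffer.from(sig, 'base64url'));
  if (!valid) throw new Error('bad signature');
  const claims = decodePart(body); // only trusted after the signature check
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (![].concat(claims.aud).includes(audience)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Constructed sample data: throwaway key pair, placeholder issuer and client id.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const ISSUER = 'https://idp.example';
const CLIENT_ID = 'example-platform';
const expected = { issuer: ISSUER, audience: CLIENT_ID, now: 1700000000 };

// Returns 'ok' or the reason the token was rejected.
function check(token) {
  try { verifyJwt(token, publicKey, expected); return 'ok'; } catch (e) { return e.message; }
}

const claims = { iss: ISSUER, aud: CLIENT_ID, sub: 'user-1', exp: 1700003600 };
const good = signJwt({ alg: 'RS256', typ: 'JWT' }, claims, privateKey);
const [h, , s] = good.split('.');
const tampered = `${h}.${encodePart({ ...claims, sub: 'admin' })}.${s}`;
const unsigned = `${encodePart({ alg: 'none' })}.${encodePart(claims)}.`;
const stale = signJwt({ alg: 'RS256' }, { ...claims, exp: 1699990000 }, privateKey);

console.log([good, tampered, unsigned, stale].map(check));
```

Because the payload is only base64-encoded, anyone holding a token can read it; the signature check is what makes its claims trustworthy.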

## Explanatory scheme

![Platform authentication not OIDC driven](/files/-MSgIGPJGyBNl2TUDVEd)

![Platform authentication OIDC driven](/files/-MSgKen5-k05boEhLdAv)


