Expand description
§securitydept-token-set-context
Unified product surface for the securitydept OIDC mode family,
symmetric with the frontend token-set-context-client TS SDK.
§Canonical public surface
| Module | Description |
|---|---|
backend_oidc_mode | Canonical — unified backend OIDC capability framework (capabilities, config, runtime, service, transport) |
frontend_oidc_mode | Frontend OIDC — config, runtime, service, cross-boundary contracts |
access_token_substrate | Cross-mode shared substrate: resource-server verification, propagation, forwarder |
orchestration | Cross-mode shared config, OIDC client, provider infrastructure |
models | Shared auth-state data models |
§Mode relationship
backend-oidcis the canonical unified surface. It parameterizes runtime behaviour through capability axes (refresh_material_protection,metadata_delivery,post_auth_redirect). Adopters configure the axes directly — no preset indirection needed.frontend-oidchas no backend OIDC client runtime — the browser owns the full OIDC lifecycle. This module provides formal config, runtime, and service patterns alongside cross-boundary contracts describing what the backend expects from frontend-produced tokens.
§Entry point
Adopters should enter via backend_oidc_mode for new integrations,
use orchestration for shared config resolution, and
access_token_substrate for token verification and propagation.
Modules§
- access_
token_ substrate - Shared access-token substrate — cross-mode runtime infrastructure.
- backend_
oidc_ mode backend-oidcmode — unified backend OIDC capability framework.- cross_
mode_ config - frontend_
oidc_ mode frontend-oidcmode — config, runtime, service, capabilities, and cross-boundary contracts.- models
- orchestration
- Shared orchestration abstractions — cross-mode lifecycle infrastructure.