OpenID Connect Provider
An OpenID Connect Provider (OP) is a server that authenticates users and provides identity information to applications using the OpenID Connect protocol. It’s a service that:
- verifies who the user is (authentication),
- issues identity tokens (usually in JWT format),
- shares user information (like email, name, etc.) with trusted applications, called Relying Parties (RPs).
General parameters:
- OPENID_PROVIDER: boolean, default false; enables the OpenID Provider service.
- OPENID_PROVIDER_WITH_ENDPOINT_APPLICATION: boolean, default false; makes the endpoint application reachable.
Parameters for the Identity Provider, where n is a positive natural number:
- OPENID_PROVIDER_CLIENT_ID_n: string; identifies the OIDC client during authentication flows.
- OPENID_PROVIDER_CLIENT_SECRET_n: string; a confidential string shared between the OpenID Provider (OP) and the client application (also called the Relying Party).
- OPENID_PROVIDER_SUPPORTED_CALLBACK_CSV_n: string; a comma-separated list of allowed redirect URIs (callback URLs) for the corresponding client.
The discovery endpoint is located at {context}/.well-known/openid-configuration, where {context} depends on where the rule is applied: it can be blank or, for example, /application when /application is the configured base URI path.
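The following is an added example, not code from the project these settings belong to. It reads the OPENID_PROVIDER_* parameters above from an env-style text, groups the numbered client entries by n, reports the gaps an operator would want to catch before enabling the provider (a client with no callback list, a non-HTTPS or wildcard callback), checks a redirect_uri against the client's allowed list, and builds the discovery URL for a blank or /application context. The sample configuration is constructed, and exact-string matching of redirect URIs is an assumption about policy rather than a statement of how the project matches them.

```python
"""Added example: validate OPENID_PROVIDER_* settings and compute the discovery URL.
Sample values are constructed; exact-match redirect checking is an assumed policy."""

import re
from urllib.parse import urlparse

# Constructed sample configuration in the env-style form used by the docs.
SAMPLE_CONFIG = """
OPENID_PROVIDER=true
OPENID_PROVIDER_WITH_ENDPOINT_APPLICATION=false
OPENID_PROVIDER_CLIENT_ID_1=web-portal
OPENID_PROVIDER_CLIENT_SECRET_1=example-secret-1
OPENID_PROVIDER_SUPPORTED_CALLBACK_CSV_1=https://portal.example.com/callback,https://portal.example.com/silent
OPENID_PROVIDER_CLIENT_ID_2=mobile-app
OPENID_PROVIDER_CLIENT_SECRET_2=example-secret-2
"""

# Matches the per-client parameters; group 1 is the field, group 2 is n.
CLIENT_KEY = re.compile(
    r"^OPENID_PROVIDER_(CLIENT_ID|CLIENT_SECRET|SUPPORTED_CALLBACK_CSV)_(\d+)$"
)


def parse_env(text):
    """Turn KEY=VALUE lines into a dict, skipping blanks and comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def load_clients(settings):
    """Group the numbered parameters by n: {n: {client_id, client_secret, callbacks}}."""
    clients = {}
    for key, value in settings.items():
        m = CLIENT_KEY.match(key)
        if not m:
            continue
        field, n = m.group(1), int(m.group(2))
        entry = clients.setdefault(n, {})
        if field == "SUPPORTED_CALLBACK_CSV":
            entry["callbacks"] = [u.strip() for u in value.split(",") if u.strip()]
        elif field == "CLIENT_ID":
            entry["client_id"] = value
        else:
            entry["client_secret"] = value
    return clients


def check_clients(settings):
    """Return the problems an operator should fix before enabling the provider."""
    problems = []
    if settings.get("OPENID_PROVIDER", "false").lower() != "true":
        problems.append("OPENID_PROVIDER is not enabled")
    for n, entry in sorted(load_clients(settings).items()):
        if "client_id" not in entry:
            problems.append(f"client {n}: missing OPENID_PROVIDER_CLIENT_ID_{n}")
        if not entry.get("client_secret"):
            problems.append(f"client {n}: missing OPENID_PROVIDER_CLIENT_SECRET_{n}")
        callbacks = entry.get("callbacks", [])
        if not callbacks:
            problems.append(
                f"client {n}: no OPENID_PROVIDER_SUPPORTED_CALLBACK_CSV_{n} entries, "
                "no redirect can be accepted"
            )
        for url in callbacks:
            parsed = urlparse(url)
            # Authorization codes travel in the redirect; only loopback may skip TLS.
            if parsed.scheme != "https" and parsed.hostname not in ("localhost", "127.0.0.1"):
                problems.append(f"client {n}: non-HTTPS callback {url}")
            if "*" in url:
                problems.append(f"client {n}: wildcard in callback {url}")
    return problems


def redirect_allowed(settings, client_id, redirect_uri):
    """Exact string comparison against the client's CSV list (assumed policy):
    a prefix or pattern match would let a path or query variant of the registered
    URI receive the authorization response."""
    for entry in load_clients(settings).values():
        if entry.get("client_id") == client_id:
            return redirect_uri in entry.get("callbacks", [])
    return False


def discovery_url(base, context=""):
    """Build {base}{context}/.well-known/openid-configuration; context may be blank."""
    context = context.strip()
    if context and not context.startswith("/"):
        context = "/" + context
    return f"{base.rstrip('/')}{context.rstrip('/')}/.well-known/openid-configuration"


if __name__ == "__main__":
    cfg = parse_env(SAMPLE_CONFIG)
    for problem in check_clients(cfg):
        print("WARNING:", problem)
    print(discovery_url("https://op.example.com", "/application"))
```

Run as a script it prints one warning, for client 2, whose callback list is empty, and the discovery URL for the /application context; the same functions can be pointed at a real .env file by replacing SAMPLE_CONFIG with its contents.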