
OpenID Connect Provider

An OpenID Connect Provider (OP) is a server that authenticates users and provides identity information to applications using the OpenID Connect protocol. It’s a service that:

  1. verifies who the user is (authentication),
  2. issues identity tokens (usually in JWT format),
  3. shares user information (like email, name, etc.) with trusted applications, called Relying Parties (RPs).

General parameters:

  • OPENID_PROVIDER: boolean, default false; enables the OpenID Provider service.
  • OPENID_PROVIDER_WITH_ENDPOINT_APPLICATION: boolean, default false; makes the endpoint application reachable.

Parameters for the Identity Provider where n is a positive natural number:

  • OPENID_PROVIDER_CLIENT_ID_n: string; it identifies the OIDC client during authentication flows.
  • OPENID_PROVIDER_CLIENT_SECRET_n: string; a confidential string shared between the OpenID Provider (OP) and the client application (also called the Relying Party).
  • OPENID_PROVIDER_SUPPORTED_CALLBACK_CSV_n: string; a comma-separated list of allowed redirect URIs (callback URLs) for the corresponding client.

The discovery endpoint is located at {context}/.well-known/openid-configuration, where {context} depends on where the rule is applied: it can be blank, or for example /application if /application is the configured base URI path.
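As an added illustration (not code from the Identity Link product), the following loads the numbered client parameters described above from a constructed environment, checks a redirect_uri against the comma-separated allowlist by exact match, and builds the discovery URL for a given {context}; the sample values are placeholders.

```python
from dataclasses import dataclass

# Constructed sample environment using the page's parameter names (values are placeholders).
SAMPLE_ENV = {
    "OPENID_PROVIDER": "true",
    "OPENID_PROVIDER_CLIENT_ID_1": "portal",
    "OPENID_PROVIDER_CLIENT_SECRET_1": "placeholder-secret-1",
    "OPENID_PROVIDER_SUPPORTED_CALLBACK_CSV_1": "https://portal.example/cb, https://portal.example/cb2",
    "OPENID_PROVIDER_CLIENT_ID_2": "mobile",
    "OPENID_PROVIDER_CLIENT_SECRET_2": "placeholder-secret-2",
    "OPENID_PROVIDER_SUPPORTED_CALLBACK_CSV_2": "com.example.mobile:/oauth",
}

@dataclass(frozen=True)
class Client:
    client_id: str
    client_secret: str
    callbacks: frozenset  # exact-match allowlist of redirect URIs

PREFIX = "OPENID_PROVIDER_CLIENT_ID_"

def load_clients(env):
    """Group each numbered client triple (id, secret, callbacks) into a Client keyed by client_id."""
    if env.get("OPENID_PROVIDER", "false").lower() != "true":
        return {}  # provider disabled: no clients are served
    clients = {}
    for key, client_id in env.items():
        if not key.startswith(PREFIX) or not key[len(PREFIX):].isdigit():
            continue
        n = key[len(PREFIX):]
        secret = env.get(f"OPENID_PROVIDER_CLIENT_SECRET_{n}")
        csv = env.get(f"OPENID_PROVIDER_SUPPORTED_CALLBACK_CSV_{n}", "")
        if not secret:
            raise ValueError(f"OPENID_PROVIDER_CLIENT_SECRET_{n} is missing")
        callbacks = frozenset(u.strip() for u in csv.split(",") if u.strip())
        if not callbacks:
            raise ValueError(f"OPENID_PROVIDER_SUPPORTED_CALLBACK_CSV_{n} is empty")
        clients[client_id] = Client(client_id, secret, callbacks)
    return clients

def redirect_allowed(clients, client_id, redirect_uri):
    """Exact string comparison only: no prefix, wildcard or host-only matching."""
    client = clients.get(client_id)
    return client is not None and redirect_uri in client.callbacks

def discovery_url(context=""):
    """context is blank or the configured base URI path, e.g. /application."""
    return f"{context.rstrip('/')}/.well-known/openid-configuration"
```

A redirect_uri that differs from an allowlisted entry only by a query string or extra path segment is rejected, which is the behaviour a provider should enforce.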
