OpenID Connect Provider

An OpenID Connect Provider (OP) is a server that authenticates users and provides identity information to applications using the OpenID Connect protocol. It’s a service that:

  1. verifies who the user is (authentication),
  2. issues identity tokens (usually in JWT format),
  3. shares user information (like email, name, etc.) with trusted applications, called Relying Parties (RPs).

General parameters:

  • OPENID_PROVIDER: boolean default false; enable OpenID Provider service.
  • OPENID_PROVIDER_WITH_ENDPOINT_APPLICATION (optional): boolean default false; make the endpoint application reachable.

Parameters for each configured client, where n is a positive natural number:

  • OPENID_PROVIDER_CLIENT_ID_n: string; it identifies the OIDC client during authentication flows.
  • OPENID_PROVIDER_CLIENT_SECRET_n: string; a confidential string shared between the OpenID Provider (OP) and the client application (also called the Relying Party).
  • OPENID_PROVIDER_SUPPORTED_CALLBACK_CSV_n: string; a comma-separated list of allowed redirect URIs (callback URLs) for the corresponding client.

The discovery endpoint is located in {context}/.well-known/openid-configuration; {context} can vary depending on where the rule is applied: it can be empty or, for example, /application if /application is the configured base path.

Add the token endpoint (a built-in local service) with address 127.0.0.1, port 5555 and SSL=false. Its uriPath must be {context}/token (set proxyUrl=/callback only if {context} is not empty). The same rule that applies to the service must also be applied to this endpoint.
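As an added illustration of how the per-client parameters above are consumed (example code, not part of Identity Link), the snippet below reads the OPENID_PROVIDER_CLIENT_ID_n / CLIENT_SECRET_n / SUPPORTED_CALLBACK_CSV_n variables into client records, checks a redirect_uri against the CSV allowlist by exact string match, and compares a presented client secret in constant time. The sample environment, the client names and the exact-match semantics are assumptions of this example; the page only states that the CSV lists the allowed callbacks.

```python
import hmac
import os
from dataclasses import dataclass

# Constructed sample configuration (not from the original page); real values come from the process environment.
SAMPLE_ENV = {
    "OPENID_PROVIDER": "true",
    "OPENID_PROVIDER_CLIENT_ID_1": "web-app",
    "OPENID_PROVIDER_CLIENT_SECRET_1": "s3cr3t-one",
    "OPENID_PROVIDER_SUPPORTED_CALLBACK_CSV_1": "https://app.example.com/callback, https://app.example.com/auth/cb",
    "OPENID_PROVIDER_CLIENT_ID_3": "mobile-app",  # numbering need not be contiguous
    "OPENID_PROVIDER_CLIENT_SECRET_3": "s3cr3t-three",
    "OPENID_PROVIDER_SUPPORTED_CALLBACK_CSV_3": "com.example.app:/oauth2redirect",
}

@dataclass(frozen=True)
class OidcClient:
    client_id: str
    client_secret: str
    allowed_callbacks: tuple  # exact-match allowlist parsed from the CSV variable

def load_clients(env=None):
    """Build one OidcClient per OPENID_PROVIDER_CLIENT_ID_n found in env (any positive n)."""
    env = os.environ if env is None else env
    prefix = "OPENID_PROVIDER_CLIENT_ID_"
    clients = {}
    for key, client_id in env.items():
        if not key.startswith(prefix):
            continue
        n = key[len(prefix):]
        if not n.isdigit() or int(n) < 1:
            continue
        csv = env.get(f"OPENID_PROVIDER_SUPPORTED_CALLBACK_CSV_{n}", "")
        callbacks = tuple(u.strip() for u in csv.split(",") if u.strip())
        clients[client_id] = OidcClient(
            client_id, env.get(f"OPENID_PROVIDER_CLIENT_SECRET_{n}", ""), callbacks)
    return clients

def redirect_uri_allowed(client, redirect_uri):
    """Exact string match only (assumed policy): no prefix, wildcard or normalisation,
    so 'https://app.example.com/callback/../x' and '...?x=1' are both rejected."""
    return redirect_uri in client.allowed_callbacks

def authenticate_client(clients, client_id, presented_secret):
    """Constant-time comparison of the client secret at the token endpoint."""
    client = clients.get(client_id)
    if client is None or not client.client_secret:
        return False
    return hmac.compare_digest(client.client_secret.encode(), presented_secret.encode())
```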
