OpenID Connect Relying Party

OpenID Connect (OIDC) is an authentication protocol built on top of OAuth 2.0 that allows applications (called Relying Parties) to verify a user’s identity and obtain profile information in a secure, standardized way.

Parameters for the Identity Provider, where n is a positive natural number:

  • ISSUER_n: URL; location of the OpenID Connect well-known file; e.g., https://www.acme.org/.well-known/openid-configuration.
  • CLIENT_ID_n: string; a public identifier for the application. Created during client registration on the server.
  • CLIENT_SECRET_n: string; a secret key known only to the client and the authorization server. Created during client registration on the server.
  • OIDC_USERINFO_ENDPOINT_n (optional) (OpenID Connect and OpenID Federation only): boolean, default false; merges user information from the userinfo endpoint with the JWT access token.
  • OIDC_SKIP_ISSUER_VERIFICATION_n (optional) (OpenID Connect only): boolean, default false; typically used for cross-tenant authentication. Allows skipping verification of the issuer that initiated authentication; during the callback phase, the Identity Provider will pass the issuer of each cross-tenant user.
  • OIDC_REPLACE_IN_ENTITY_CONFIGURATION_n (optional) (OpenID Connect only): string with the syntax toReplaceWord=newWord; used for replacing words in the entity configuration across tenants (e.g., for Microsoft Entra: {tenantid}=5c756555-a890-459f-9f63-7738015a32e2).
  • OIDC_SCOPES_CSV_n (optional) (OpenID Connect and OpenID Federation only): CSV; filter for scopes in the Identity Provider metadata.
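
When issuer verification is skipped for cross-tenant sign-in, the application consuming the identity should still pin the issuer to the expected tenants. The following is an added example, not Identity Link's own code: the function names are hypothetical, the issuer template and the `tid` claim follow Microsoft Entra conventions, and the token signature is assumed to have been verified already.

```python
import re

# Issuer template as published in multi-tenant Entra metadata (assumption).
ISSUER_TEMPLATE = "https://login.microsoftonline.com/{tenantid}/v2.0"
# Constructed allow-list; the tenant ID is the sample value from this page.
ALLOWED_TENANTS = {"5c756555-a890-459f-9f63-7738015a32e2"}

_GUID = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}")


def parse_replace_rule(rule: str) -> tuple:
    """Split a 'toReplaceWord=newWord' rule into (old, new)."""
    old, sep, new = rule.partition("=")
    if not sep or not old or not new:
        raise ValueError(f"malformed replace rule: {rule!r}")
    return old, new


def replace_in_metadata(metadata: dict, rule: str) -> dict:
    """Apply the rule to every string value of a flat metadata dict."""
    old, new = parse_replace_rule(rule)
    return {k: v.replace(old, new) if isinstance(v, str) else v
            for k, v in metadata.items()}


def cross_tenant_issuer_ok(claims: dict, template: str = ISSUER_TEMPLATE,
                           allowed: frozenset = frozenset(ALLOWED_TENANTS)) -> bool:
    """Accept already-verified claims only if iss is exactly the template
    filled in with an allow-listed, well-formed tenant ID from tid."""
    tid = claims.get("tid")
    if not isinstance(tid, str) or not _GUID.fullmatch(tid):
        return False  # missing or malformed tenant ID
    if tid not in allowed:
        return False  # tenant is not one this application trusts
    # Exact string comparison: no prefix, substring or case-folded match.
    return claims.get("iss") == template.replace("{tenantid}", tid)
```

The allow-list is what keeps a skipped issuer check from accepting users of any tenant hosted by the same provider.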