Configuring the OIDC parameters for a native OAuth provider

Open ID Connect (OIDC) provides an additional authentication protocol based on OAuth 2.0. OIDC provides user information encoded in a JSON Web Token, or JWT.

About this task

When you enable OpenID connect, a template is provided for generating ID tokens along with access tokens and the required assembly policies are automatically created. You can customize the policies to suit your needs in the API Editor. The sample key provided is for test purposes only and is used to sign the JWT token.

One of the following roles is required to configure an OIDC template for a native OAuth Provider:

  • Administrator
  • Owner
  • Topology Administrator
  • Custom role with the Settings:Manage permissions
Note: You can configure OIDC parameters only if the selected grant types for the native OAuth provider include at least one of the Implicit or Access code grant types; see Configuring basic settings for a native OAuth provider.

You can select the OIDC settings page for a native OAuth provider immediately on completion of the creation operation detailed in Configuring a native OAuth provider, or you can update the OIDC settings for an existing native OAuth provider. If you want to update the OIDC settings for an existing native OAuth provider, complete the following steps before following the procedure described in this topic:

  1. Click Resources icon Resources > OAuth Providers.
  2. Select the required native OAuth provider.

Procedure

Perform the following steps to configure an OIDC template:

  1. Click OpenID Connect in the sidebar menu.
  2. Select the initial check box to configure an OIDC Template. Enter the following parameters:
    Field Description
    DataPower API Gateway
onlySupport hybrid response types (optional) Select the response types for the OpenID Connect hybrid flow to be supported by this OAuth provider.
    DataPower API Gateway
onlyOpenId Connect URL Optionally specify a URL that is exposed by the provider and allows a client to send a request for information about the provider's publicly visible configuration. If you select the provider in the OIDC security definition for an OpenAPI 3 API, this URL is configured for you based on that information.
    DataPower Gateway (Classic)
onlyID token issuer Descriptive text to indicate the source of the key.
    DataPower Gateway (Classic)
onlyID token signing key Specify the JSON Web Key (JWK) to be used to sign the ID token.
    DataPower Gateway (Classic)
onlyID token signing algorithm Select the algorithm used to sign the token.
  3. Click Save when done. You can edit the policies by using the API Editor.

Results

Depending upon the visibility setting, the OAuth Provider can be used to secure the APIs in catalog.