OpenID Connect (OIDC) provides an additional authentication protocol based on OAuth 2.0.
OIDC provides user information encoded in a JSON Web Token, or JWT.
About this task
When you enable OpenID Connect, a template is provided for generating ID tokens along with access
tokens, and the required assembly policies are automatically created. You can customize the policies
to suit your needs in the API Editor. The sample key provided is used to sign the JWT and is for
test purposes only.
One of the following roles is required to configure an OIDC template for a native OAuth
Provider:
- Organization Administrator
- Owner
- Custom role with the permissions
You can select the OIDC settings page for a native OAuth provider immediately on completion of
the creation operation detailed in Configuring a native OAuth provider, or you can update the OIDC
settings for an existing native OAuth provider. If you want to update the OIDC settings for an
existing native OAuth provider, complete the following steps before following the procedure
described in this topic:
- Click .
- Select the required native OAuth provider.
Procedure
- Click OpenID Connect.
- Select Enable OIDC and then enter the following parameters as appropriate:
| Field | Description |
| --- | --- |
| Support hybrid response types | Optional. Select the response types for the OpenID Connect hybrid flow to be supported by this OAuth provider. |
| Auto Generate OIDC API Assembly | Optional. Select this option to generate the full OIDC assembly. Leave this option unselected to simply enable OIDC support in the OAuth provider, and allow developers to implement their own assemblies. |
| ID token issuer | Descriptive text to indicate the source of the key. |
| ID token signing crypto object | The cryptographic object to use to sign the token. |
| ID token signing key | The JSON Web Key (JWK) to be used to sign the ID token. |
| ID token signing key identifier | The key ID used for signing the token. |
| ID token signing algorithm | The algorithm used to sign the token. |
| OpenIDConnect Discovery path | A URL that is exposed by the provider and allows a client to send a request for information about the provider's publicly visible configuration. |
- Click Save when done.
Results
You can use the OAuth Provider to secure the APIs in a catalog. You can edit the policies
using the API Editor.
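
The issuer, signing key, key identifier, and signing algorithm set in the table above are the values a relying party should pin when it validates an ID token. The following is an added example, not code from this product or its documentation; it assumes HS256 with a symmetric (`oct`) JWK, and the function names, key, key ID, and issuer URL are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def b64u_dec(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64u_enc(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def hs256(jwk, signing_input):
    return hmac.new(b64u_dec(jwk["k"]), signing_input.encode(), hashlib.sha256).digest()

def verify_id_token(token, jwk, expected_iss, expected_alg="HS256", now=None):
    """Return the claims if the token matches the pinned OIDC settings, else raise ValueError."""
    try:
        h64, p64, s64 = token.split(".")
        header, claims = json.loads(b64u_dec(h64)), json.loads(b64u_dec(p64))
        sig = b64u_dec(s64)
        if not isinstance(header, dict) or not isinstance(claims, dict):
            raise ValueError("header and payload must be JSON objects")
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm to the configured one; never accept the header's choice (rejects "none").
    if header.get("alg") != expected_alg or jwk.get("alg", expected_alg) != expected_alg:
        raise ValueError("unexpected alg")
    if header.get("kid") != jwk.get("kid"):
        raise ValueError("unexpected kid")
    if jwk.get("kty") != "oct":
        raise ValueError("unsupported key type")
    if not hmac.compare_digest(hs256(jwk, f"{h64}.{p64}"), sig):
        raise ValueError("bad signature")
    if claims.get("iss") != expected_iss:
        raise ValueError("unexpected iss")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims

def sign_id_token(claims, jwk, alg="HS256"):
    """Build a constructed sample token so the check above can be exercised offline."""
    h64 = b64u_enc(json.dumps({"alg": alg, "kid": jwk["kid"], "typ": "JWT"}).encode())
    p64 = b64u_enc(json.dumps(claims).encode())
    return f"{h64}.{p64}.{b64u_enc(hs256(jwk, f'{h64}.{p64}'))}"

# Constructed sample values, not taken from any real provider.
SAMPLE_JWK = {"kty": "oct", "kid": "example-kid-1", "alg": "HS256",
              "k": b64u_enc(b"constructed-demo-secret-32-bytes")}
SAMPLE_ISS = "https://idp.example.test"
```
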