OpenID Connect (OIDC) authorization
Authorizes a user request via OpenID Connect (OIDC).
The user does not need to exist in any way on the host machine running Bifröst. Even when the local environment is used together with createIfAbsent and updateIfDifferent set to true, Bifröst creates or updates the users itself, so tools like Puppet or Ansible are not needed.
This provides an easy way to do SSO in organizations of all sizes, small or big. See use cases for more details.
Currently, the following OpenID Connect flow is supported:
Device Auth
Properties
type
Authorization Type = "oidc"
Has to be set to oidcDeviceAuth to enable the OIDC Device Auth authorization.
issuer
The issuer is the URL that identifies the service; it is issued by your identity provider.
Examples
https://login.microsoftonline.com/my-great-tenant-uuid/v2.0
https://accounts.google.com
https://login.salesforce.com
clientId
string Core
Client ID issued by your identity provider.
clientSecret
string Core
Secret for the corresponding Client ID.
scopes
[]string Core = ["openid", "profile", "email"]
Scopes to request from the identity provider when obtaining the token.
retrieveIdToken
bool = true
Retrieves the ID Token and makes it available in the corresponding context via idToken.
retrieveUserInfo
bool = false
Retrieves the UserInfo and makes it available in the corresponding context via userInfo.
Context
This authorization will produce a context of type Authorization OIDC.
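The Device Auth flow this page configures (device authorization request, user code shown to the user, polling the token endpoint, then the ID Token and UserInfo that populate idToken and userInfo in the context), simulated end to end as an added Python example. This is not Bifröst's code: the MockIssuer class, the HS256 signing, the issuer URL, client id, secret, scopes and user values are all constructed for the demo; a real identity provider exposes these endpoints over HTTPS and signs ID Tokens with keys published through its JWKS document.

```python
"""OIDC Device Authorization Grant (RFC 8628) simulated end to end; added demo, not Bifröst code."""
import base64, hashlib, hmac, json, secrets, time
DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"

def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims, key):
    """Compact JWS with HS256; real IdPs sign with RS256/ES256 keys published via JWKS."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def verify_hs256(token, key):
    head, body, sig = token.split(".")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, base64.urlsafe_b64decode(sig + "=" * (-len(sig) % 4))):
        raise ValueError("id_token signature check failed")
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))

class MockIssuer:  # constructed stand-in for the identity provider behind the 'issuer' URL
    def __init__(self, issuer, client_id, client_secret):
        self.issuer, self.client_id, self.client_secret = issuer, client_id, client_secret
        self.key = secrets.token_bytes(32)  # signing key; stands in for the IdP's JWKS
        self.pending, self.access_tokens, self.polls = {}, {}, 0

    def device_authorization(self, client_id, scope):
        device_code = secrets.token_urlsafe(24)
        user_code = f"{secrets.token_hex(2).upper()}-{secrets.token_hex(2).upper()}"
        self.pending[device_code] = {"user_code": user_code, "scope": scope, "sub": None}
        return {"device_code": device_code, "user_code": user_code, "interval": 5,
                "verification_uri": f"{self.issuer}/device", "expires_in": 600}

    def user_approves(self, user_code, subject, email):
        # The human enters user_code at verification_uri and logs in there.
        rec = next((r for r in self.pending.values() if r["user_code"] == user_code), None)
        if rec:
            rec["sub"], rec["email"] = subject, email
        return rec is not None

    def token(self, client_id, client_secret, grant_type, device_code):
        self.polls += 1
        if grant_type != DEVICE_GRANT or (client_id, client_secret) != (self.client_id, self.client_secret):
            return {"error": "invalid_client"}  # a real IdP also reports unsupported_grant_type
        rec = self.pending.get(device_code)
        if rec is None:
            return {"error": "invalid_grant"}
        if rec["sub"] is None:  # constructed: ask the client to back off once, then report pending
            return {"error": "slow_down" if self.polls == 1 else "authorization_pending"}
        del self.pending[device_code]  # a device code is single use
        now = int(time.time())
        claims = {"iss": self.issuer, "sub": rec["sub"], "aud": client_id,
                  "iat": now, "exp": now + 3600, "email": rec["email"]}
        access_token = secrets.token_urlsafe(24)
        self.access_tokens[access_token] = rec
        return {"access_token": access_token, "token_type": "Bearer",
                "id_token": sign_hs256(claims, self.key)}

    def userinfo(self, access_token):
        rec = self.access_tokens.get(access_token)
        return {"sub": rec["sub"], "email": rec["email"]} if rec else {"error": "invalid_token"}

def device_auth_login(idp, issuer, client_id, client_secret, scopes, on_user_code,
                      retrieve_id_token=True, retrieve_user_info=False, sleep=time.sleep):
    """Run the device flow against idp and build a context holding idToken / userInfo."""
    resp = idp.device_authorization(client_id, " ".join(scopes))
    on_user_code(resp["user_code"], resp["verification_uri"])  # displayed to the user
    interval, remaining = resp["interval"], resp["expires_in"]
    while remaining > 0:
        tok = idp.token(client_id, client_secret, DEVICE_GRANT, resp["device_code"])
        err = tok.get("error")
        if err is None:
            break
        if err == "slow_down":
            interval += 5  # RFC 8628 section 3.5: add 5 s to the polling interval
        elif err != "authorization_pending":
            raise RuntimeError(f"login failed: {err}")  # access_denied, expired_token, ...
        sleep(interval)
        remaining -= interval
    else:
        raise RuntimeError("login failed: device code expired before approval")
    context = {"idToken": None, "userInfo": None}
    if retrieve_id_token:
        claims = verify_hs256(tok["id_token"], idp.key)
        if claims["iss"] != issuer or claims["aud"] != client_id or claims["exp"] <= time.time():
            raise RuntimeError("id_token rejected: issuer, audience or expiry mismatch")
        context["idToken"] = claims
    if retrieve_user_info:
        context["userInfo"] = idp.userinfo(tok["access_token"])
    return context

def run_demo():
    """Constructed scenario: the user finishes logging in during the second polling wait."""
    idp = MockIssuer("https://idp.example.test", "bifrost-client", "constructed-secret")
    shown, waits = {}, []
    def fake_sleep(seconds):  # replaces time.sleep so the demo runs instantly
        waits.append(seconds)
        if len(waits) == 2:
            idp.user_approves(shown["code"], "user-123", "alice@example.test")
    ctx = device_auth_login(idp, "https://idp.example.test", "bifrost-client", "constructed-secret",
                            ["openid", "profile", "email"], lambda code, uri: shown.update(code=code),
                            retrieve_user_info=True, sleep=fake_sleep)
    return ctx, waits
```

Running run_demo() shows the two polling waits of 10 s each (the first slow_down raised the interval from 5 to 10) and a context whose idToken carries iss, sub, aud, exp and email, plus the userInfo document because retrieve_user_info was enabled. The checks in device_auth_login are the ones that make the issuer and clientId properties security relevant: the ID Token is only accepted when its signature verifies, its iss equals the configured issuer, its aud equals the configured client id and it has not expired.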
Compatibility

| linux | windows |
|---|---|
| / | / |