This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Configuring OAuth2/OpenID Connect
OAuth 2.0 is an authorization framework that lets clients access a restricted resource on behalf of the resource owner. It defines authorization flows for web applications, desktop applications and mobile applications, among others.
OpenID Connect is an authentication protocol built on top of OAuth 2.0 that lets clients verify the end user's identity based on the authentication performed by an authorization server. It also provides methods to transfer end-user information through claims.
With OAuth as its base, OpenID Connect allows many types of clients, such as web-based clients, mobile clients and JavaScript clients, to verify users through authentication performed by an authorization server.
To navigate to the federated authenticators configuration section, do the following.
- Sign in. Enter your username and password to log on to the Management Console.
- Navigate to the Main menu to access the Identity menu. Click Add under Identity Providers. For more information, see Configuring an Identity Provider.
- Fill in the details in the Basic Information section.
You can configure the following federated authenticators by expanding the Federated Authenticators section followed by the required subsections.
- Expand the OAuth2/OpenID Connect Configuration form.
Fill in the following fields where relevant.
| Field | Description | Sample value |
| --- | --- | --- |
| Enable OAuth2/OpenIDConnect | Selecting this option enables OAuth2/OpenID Connect to be used as an authenticator for users provisioned to the Identity Server. | Selected |
| Default | Selecting the Default checkbox signifies that the OAuth2/OpenID Connect credentials are the main/default form of authentication. This removes the selection made for any other Default checkboxes for other authenticators. | Selected |
| Authentication Endpoint URL | This is the authentication URL for OAuth/OpenID Connect. This is a standard OAuth URL. This is the URL to which authentication requests are sent. | https://localhost:9443/oauth2/authorize/ |
| Token Endpoint URL | This is the token endpoint URL. This is a standard OAuth URL. | https://localhost:9443/oauth2/token/ |
| Client Id | The username of the web application. The Client Id and Client Secret are necessary as they will be used for authentication at the Authentication Endpoint and Token Endpoint. | 1421263438188909 |
| Client Secret | The password of the web application. Click the Show button to view the value you enter. | 12ffb4dfb2fed67a00846b42126991f8 |
| Callback URL | This is the URL to which the browser should be redirected after the authentication is successful. It should have this format: https://(host-name):(port)/commonauth. | https://localhost:9443/commonauth |
| OpenID Connect User ID Location | Select whether the User ID is found in the 'sub' attribute that is sent with the OpenID Connect request or if it is found among claims. | User ID found in 'sub' attribute |
| Additional Query Parameters | This is necessary if you are connecting to another Identity Server or application. Sometimes extra parameters are required by this IS or application so these can be specified here. | paramName1=value1 |
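How the fields listed on this page combine into an OpenID Connect authorization request, with checks that can be run on the values before saving them. This is an added illustration, not WSO2 Identity Server code: the dictionary keys, the function names, the use of the authorization code flow with `scope=openid`, and the rule that additional query parameters must not override protocol parameters are assumptions made for the example.

```python
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit

# Parameters the request sets itself; extra parameters must not override them (assumed rule).
RESERVED = {"response_type", "client_id", "redirect_uri", "scope", "state", "nonce"}


def check_idp_config(cfg):
    """Return a list of problems found in the federated authenticator fields."""
    problems = []
    for field in ("authz_endpoint", "token_endpoint", "callback_url"):
        url = urlsplit(cfg[field])
        if url.scheme != "https" or not url.hostname:
            problems.append(f"{field}: must be an absolute https URL")
    # The page gives the callback format as https://(host-name):(port)/commonauth
    if urlsplit(cfg["callback_url"]).path.rstrip("/") != "/commonauth":
        problems.append("callback_url: path must be /commonauth")
    for name, _ in parse_qsl(cfg.get("additional_params", ""), keep_blank_values=True):
        if name in RESERVED:
            problems.append(f"additional_params: '{name}' would override a protocol parameter")
    return problems


def build_authorization_request(cfg, state=None):
    """Build the browser redirect URL for the authorization code flow."""
    problems = check_idp_config(cfg)
    if problems:
        raise ValueError("; ".join(problems))
    params = [
        ("response_type", "code"),
        ("client_id", cfg["client_id"]),
        ("redirect_uri", cfg["callback_url"]),
        ("scope", "openid"),
        ("state", state or secrets.token_urlsafe(16)),  # unpredictable per-request value
    ]
    params += parse_qsl(cfg.get("additional_params", ""), keep_blank_values=True)
    return cfg["authz_endpoint"] + "?" + urlencode(params)


# Sample values from the field list on this page; the client secret is not part of the browser redirect.
SAMPLE = {
    "authz_endpoint": "https://localhost:9443/oauth2/authorize/",
    "token_endpoint": "https://localhost:9443/oauth2/token/",
    "client_id": "1421263438188909",
    "callback_url": "https://localhost:9443/commonauth",
    "additional_params": "paramName1=value1",
}

if __name__ == "__main__":
    print(build_authorization_request(SAMPLE))
```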
- Identity Federation is part of the process of configuring an identity provider. For more information on how to configure an identity provider, see Configuring an Identity Provider.
- See Login to Identity Server using another Identity Server - OAuth2 for a sample of using OAuth2/OpenIDConnect for federated authentication.