Configuring OAuth2-OpenID Connect Single-Sign-On

OAuth 2.0 has three main phases. They are; requesting an Authorization Grant, exchanging the Authorization Grant for an Access Token and accessing the resources using this Access Token. OpenID Connect is another identity layer on top of OAuth 2.0. OAuth applications can get authentication event information over the IDToken and can get the extra claims of the authenticated user from the OpenID Connect UserInfo endpoint.

To enable OAuth support for your client application, you must first register your application. Follow the instructions below to add a new application.

Let's get started to configure the service provider you created!

1. Expand the Inbound Authentication Configuration section and then expand OAuth/OpenID Connect Configuration. Click Configure.

2. Fill in the form that appears. For the Allowed Grant Types you can disable the ones you do not require or wish to block.

   Open

   

   When filling out the New Application form, the following details should be taken into consideration.

3. Click Add. Note that client key and client secret get generated.

   Open

   

   • OAuth Client Key - This is the client key of the service provider, which will be checked for authentication by the Identity Server before providing the access token.

   • OAuth Client Secret - This is the client secret of the service provider, which will be checked for authentication by the Identity Server before providing the access token. Click the Show button to view the exact value of this.

   • Actions - 

     • Edit: Click to edit the OAuth/OpenID Connect Configurations

     • Revoke: Click to revoke (deactivate) the OAuth application. This action revokes all tokens issued for this application. In order to activate the application, you have to regenerate the consumer secret. 

     • Regenerate Secret: Click to regenerate the secret key of the OAuth application. 

     • Delete: Click to delete the OAuth/OpenID Connect Configurations.