Hi! I’m using a custom OAuth2 connection in Auth0 to integrate a third-party identity provider. I’ve added scope=openid profile email and everything works, but I’m not sure if the setup is fully OIDC-conformant.
How can I check if the tokens and flow meet OIDC standards? Are there any tools or tips to confirm compliance when not using a native OIDC connection?
Thanks in advance!
Welcome to the Auth0 Community!
Thank you for posting your question, to ensure that your connection is OIDC-conformant please make sure to follow our documentation regarding creating the custom connection → https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers/oidc#set-up-your-app-in-the-openid-connect-identity-provider. Otherwise to meet the OIDC standard you need to make sure that your connection matches the OIDC specification, there’s also an official document defines the set of profiles of the OpenID Connect specifications used for certifying implementations conforming to those profiles.
→ https://openid.net/wordpress-content/uploads/2018/06/OpenID-Connect-Conformance-Profiles.pdf
Thanks!
Dawid