Problem statement
This article provides pointers to relevant documentation that describes how to create an OpenID Connect provider. In particular, further information is provided about the meaning and purpose of the following parameters:
- OpenID Connect Authority URL ( “Issuer URL” )
- OpenID Connect Client ID
- Type
- Scopes
Solution
Using Auth0, it is possible to connect an application to an OpenID Connect Identity Provider. For further information, refer to Connect to OpenID Connect Identity Provider
The public documentation also provides information about a range of specific configuration parameters:
- OpenID Connect Authority URL: this is the Issuer URL where Auth0 can find the OpenID Provider Configuration Document. This should be available in the
/.well-known/openid-configurationendpoint. For further details, refer to Issuer URL in Step 2 of Create an Enterprise Connection Using the Dashboard - OpenID Connect Client ID: Unique identifier for your registered application. Enter the saved value of the Client ID for the app that has been registered with the OIDC Identity Provider. For further details, refer to Client ID in Step 2 of Create an Enterprise Connection Using the Dashboard
- Type: Set to either Front Channel or Back Channel. Front Channel uses the OIDC protocol with
response_mode=form_postandresponse_type=id_token. Back Channel usesresponse_type=code. For further details, refer to Type in Step 3 of Create an Enterprise Connection Using the Dashboard - Scopes: A comma-separated list of Auth0 scopes to request when connecting to the Identify Provider. This will affect the data stored in the user profile. It is required to include at least the openid scope. Note that the connection does not call the /userinfo endpoint and expects the user claims to be present in the id_token. For further details, refer to Scopes in Step 3 of Create an Enterprise Connection Using the Dashboard