OpenID Connect ID Configuration

Problem statement

This article provides pointers to relevant documentation that describes how to create an OpenID Connect provider. In particular, further information is provided about the meaning and purpose of the following parameters:

  • OpenID Connect Authority URL ("Issuer URL")
  • OpenID Connect Client ID
  • Type
  • Scopes

Solution

Using Auth0, it is possible to connect an application to an OpenID Connect Identity Provider. For further information, refer to Connect to OpenID Connect Identity Provider.

The public documentation also provides information about a range of specific configuration parameters:

  • OpenID Connect Authority URL: This is the Issuer URL where Auth0 can find the OpenID Provider Configuration Document. The document should be available at the /.well-known/openid-configuration endpoint. For further details, refer to Issuer URL in Step 2 of Create an Enterprise Connection Using the Dashboard.
  • OpenID Connect Client ID: Unique identifier for your registered application. Enter the saved value of the Client ID for the app that has been registered with the OIDC Identity Provider. For further details, refer to Client ID in Step 2 of Create an Enterprise Connection Using the Dashboard.
  • Type: Set to either Front Channel or Back Channel. Front Channel uses the OIDC protocol with response_mode=form_post and response_type=id_token. Back Channel uses response_type=code. For further details, refer to Type in Step 3 of Create an Enterprise Connection Using the Dashboard.
  • Scopes: A comma-separated list of Auth0 scopes to request when connecting to the Identity Provider. This will affect the data stored in the user profile. At least the openid scope must be included. Note that the connection does not call the /userinfo endpoint and expects the user claims to be present in the id_token. For further details, refer to Scopes in Step 3 of Create an Enterprise Connection Using the Dashboard.
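
The following is an added example, not code from Auth0 or from the referenced documentation: a pre-flight check that compares the four connection settings against the provider's OpenID Provider Configuration Document before the connection is saved. The function names, the type labels front_channel and back_channel, and the provider idp.example.com are assumptions made for illustration. The exact-match rule for the issuer and the default response modes come from the OpenID Connect Discovery specification.

```python
# Constructed sample: a discovery document as a hypothetical IdP might serve it
# at https://idp.example.com/.well-known/openid-configuration.
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "jwks_uri": "https://idp.example.com/jwks",
    "response_types_supported": ["code", "id_token"],
    "response_modes_supported": ["query", "fragment"],
    "scopes_supported": ["openid", "profile", "email"],
}


def discovery_url(issuer_url):
    """Location of the OpenID Provider Configuration Document for an issuer."""
    return issuer_url.rstrip("/") + "/.well-known/openid-configuration"


def check_connection(issuer_url, conn_type, scopes, doc):
    """Return a list of problems; an empty list means the settings are consistent."""
    problems = []
    # OIDC Discovery: the document's issuer must equal the configured issuer exactly.
    if doc.get("issuer") != issuer_url:
        problems.append("issuer in document does not match configured issuer URL")
    if "jwks_uri" not in doc:
        problems.append("jwks_uri missing: id_token signatures cannot be verified")
    types = doc.get("response_types_supported", [])
    # When response_modes_supported is omitted, the default is query and fragment.
    modes = doc.get("response_modes_supported", ["query", "fragment"])
    if conn_type == "front_channel":
        if "id_token" not in types:
            problems.append("provider does not advertise response_type=id_token")
        if "form_post" not in modes:
            problems.append("provider does not advertise response_mode=form_post")
    elif conn_type == "back_channel":
        if "code" not in types:
            problems.append("provider does not advertise response_type=code")
        if "token_endpoint" not in doc:
            problems.append("token_endpoint missing: code cannot be exchanged")
    else:
        problems.append("type must be front_channel or back_channel")
    requested = [s.strip() for s in scopes.split(",") if s.strip()]
    if "openid" not in requested:
        problems.append("scopes must include openid")
    unsupported = [s for s in requested if s not in doc.get("scopes_supported", requested)]
    if unsupported:
        problems.append("scopes not advertised by provider: " + ", ".join(unsupported))
    return problems
```

With the constructed sample, a Back Channel connection passes, while a Front Channel connection is flagged because the provider does not advertise form_post.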
