OpenID Connect

According to the OpenID Specification, OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It enables Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.

In Hub 2017.2, we supported OpenID Connect protocol. You can now use your Hub service as the OpenID Provider for your web-applications.

Hub OpenID Connect Endpoint

Hub supports auto-discovery for the OpenID Connect. Thus, OpenID Connect Endpoint for your Hub service is as follows:

<Hub Service BaseURL>/.well-known/openid-configuration

If your client service does not support auto-discovery, then use the following endpoints for your Hub as the OpenID Connect provider:

End-point type	End-point URL
Authorization endpoint	`<Hub Service BaseURL>/api/rest/oauth2/auth`
Token endpoint	`<Hub Service BaseURL>/api/rest/oauth2/token`
User info endpoint	`<Hub Service BaseURL>/api/rest/oauth2/userinfo`
JWKS endpoint	`<Hub Service BaseURL>/api/rest/oauth2/keys`

General Configuration

To use Hub as an OpenID Connect Provider

In your client service, provide the endpoint of the Hub service.
Register your client service in Hub:
1. On the Services page, click the New service... button.
2. In the dialog, enter a name for your service and its URL. Then click the Create button. The new service is created.
3. On the Settings page of the new service, provide the Redirect URIs to which Hub should redirect a user.

Last modified: 19 July 2017