OpenID Connect
According to the OpenID Specification, OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It enables Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.
In Hub 2017.2, we supported OpenID Connect protocol. You can now use your Hub service as the OpenID Provider for your web-applications.
Hub OpenID Connect Endpoint
Hub supports auto-discovery for the OpenID Connect. Thus, OpenID Connect Endpoint for your Hub service is as follows:
<Hub Service BaseURL>/.well-known/openid-configuration
If your client service does not support auto-discovery, then use the following endpoints for your Hub as the OpenID Connect provider:
End-point type | End-point URL |
---|---|
Authorization endpoint | <Hub Service BaseURL>/api/rest/oauth2/auth |
Token endpoint | <Hub Service BaseURL>/api/rest/oauth2/token |
User info endpoint | <Hub Service BaseURL>/api/rest/oauth2/userinfo |
JWKS endpoint | <Hub Service BaseURL>/api/rest/oauth2/keys |
General Configuration
To use Hub as an OpenID Connect Provider
- In your client service, provide the endpoint of the Hub service.
- Register your client service in Hub:
Last modified: 20 November 2017