OpenID Connect
According to the OpenID Specification, OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It enables Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.
Hub 2017.2 supports the OpenID Connect protocol. You can now use your Hub service as the OpenID Provider for your web applications.
Hub OpenID Connect Endpoint
Hub supports auto-discovery for OpenID Connect. The OpenID Connect endpoint for your Hub service is as follows:
<Hub Service BaseURL>/.well-known/openid-configuration
If your client service does not support auto-discovery, then use the following endpoints for your Hub as the OpenID Connect provider:
End-point type | End-point URL |
---|---|
Authorization endpoint | <Hub Service BaseURL>/api/rest/oauth2/auth |
Token endpoint | <Hub Service BaseURL>/api/rest/oauth2/token |
User info endpoint | <Hub Service BaseURL>/api/rest/oauth2/userinfo |
JWKS endpoint | <Hub Service BaseURL>/api/rest/oauth2/keys |
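The following Python check is an added example, not part of the Hub documentation: it compares a discovery document with the endpoints listed in the table before a client trusts it. The base URL `https://hub.example.com/hub` and both sample documents are constructed, the metadata field names come from OpenID Connect Discovery 1.0, and the expectation that Hub's `issuer` equals the base URL is an assumption.

```python
import json
from urllib.parse import urlsplit

# Paths from the endpoint table above, keyed by the metadata field names
# defined in OpenID Connect Discovery 1.0.
DOCUMENTED_PATHS = {
    "authorization_endpoint": "/api/rest/oauth2/auth",
    "token_endpoint": "/api/rest/oauth2/token",
    "userinfo_endpoint": "/api/rest/oauth2/userinfo",
    "jwks_uri": "/api/rest/oauth2/keys",
}

def discovery_url(base_url):
    """URL a client fetches to auto-discover the provider configuration."""
    return base_url.rstrip("/") + "/.well-known/openid-configuration"

def check_discovery(base_url, doc):
    """Return a list of problems in a discovery document served for base_url."""
    base = base_url.rstrip("/")
    origin = urlsplit(base)
    problems = []
    if origin.scheme != "https":
        problems.append("base URL is not https")
    # Assumption: the issuer equals the Hub base URL, as Discovery 1.0 requires.
    if str(doc.get("issuer", "")).rstrip("/") != base:
        problems.append("issuer does not match base URL")
    for field, path in DOCUMENTED_PATHS.items():
        value = doc.get(field)
        if not isinstance(value, str) or not value:
            problems.append(f"{field} missing")
            continue
        url = urlsplit(value)
        if (url.scheme, url.netloc) != (origin.scheme, origin.netloc):
            problems.append(f"{field} points to a different origin: {value}")
        elif value != base + path:
            problems.append(f"{field} differs from the documented path: {value}")
    return problems

# Constructed sample data: a consistent document and one with a foreign token endpoint.
BASE = "https://hub.example.com/hub"
GOOD = {"issuer": BASE, **{f: BASE + p for f, p in DOCUMENTED_PATHS.items()}}
BAD = dict(GOOD, token_endpoint="https://hub.example.net/hub/api/rest/oauth2/token")

if __name__ == "__main__":
    print(discovery_url(BASE))
    print(json.dumps({"good": check_discovery(BASE, GOOD),
                      "bad": check_discovery(BASE, BAD)}, indent=2))
```

A client that is configured manually from the table can run the same check against the values an operator typed in, since both paths should yield identical endpoints.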
General Configuration
To use Hub as an OpenID Connect Provider:
- In your client service, provide the endpoint of the Hub service.
- Register your client service in Hub:
  - On the Services page, click the New service... button.
  - In the dialog, enter a name for your service and its URL. Then click the Create button. The new service is created.
  - On the Settings page of the new service, provide the Redirect URIs to which Hub should redirect a user.
Last modified: 21 February 2018