OpenID Connect
According to the OpenID Specification, OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It enables Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.
Hub supports the OpenID Connect protocol as of version 2017.2. You can now use your Hub service as the OpenID Provider for your web applications.
Hub OpenID Connect Endpoint
Hub supports auto-discovery for OpenID Connect. The OpenID Connect endpoint for your Hub service is as follows:
<Hub Service BaseURL>/.well-known/openid-configuration
If your client service does not support auto-discovery, then use the following endpoints for your Hub as the OpenID Connect provider:
Endpoint type | Endpoint URL |
---|---|
Authorization endpoint | <Hub Service BaseURL>/api/rest/oauth2/auth |
Token endpoint | <Hub Service BaseURL>/api/rest/oauth2/token |
User info endpoint | <Hub Service BaseURL>/api/rest/oauth2/userinfo |
JWKS endpoint | <Hub Service BaseURL>/api/rest/oauth2/keys |
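
The following Python sketch is an added example, not part of the Hub documentation: it builds the discovery URL and the manual endpoint set from a base URL, then checks that a retrieved discovery document points at the same origin before a client trusts it. The base URL `https://hub.example.com/hub`, the function names, and the sample documents are constructed for illustration, and the path comparison assumes the discovery document advertises the same URLs as the table above.

```python
from urllib.parse import urlsplit

# Paths from the endpoint table, relative to <Hub Service BaseURL>.
# The keys are the standard OpenID Connect discovery metadata names.
HUB_PATHS = {
    "authorization_endpoint": "/api/rest/oauth2/auth",
    "token_endpoint": "/api/rest/oauth2/token",
    "userinfo_endpoint": "/api/rest/oauth2/userinfo",
    "jwks_uri": "/api/rest/oauth2/keys",
}

def discovery_url(base_url):
    return base_url.rstrip("/") + "/.well-known/openid-configuration"

def manual_endpoints(base_url):
    """Endpoint set for clients that do not support auto-discovery."""
    base = base_url.rstrip("/")
    return {key: base + path for key, path in HUB_PATHS.items()}

def origin(url):
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or {"https": 443, "http": 80}.get(scheme)
    return (scheme, (parts.hostname or "").lower(), port)

def check_discovery(base_url, document):
    """Return a list of problems; an empty list means the document is consistent."""
    problems = []
    if urlsplit(base_url).scheme.lower() != "https":
        problems.append("base URL is not https")
    for key, want in manual_endpoints(base_url).items():
        got = document.get(key)
        if not isinstance(got, str):
            problems.append(f"{key}: missing")
        elif origin(got) != origin(base_url):
            # Tokens or credentials would be sent to a host other than Hub.
            problems.append(f"{key}: different origin ({got})")
        elif got != want:
            # Assumption: discovery advertises the same URLs as the table.
            problems.append(f"{key}: differs from documented path ({got})")
    return problems

# Constructed sample data (not real Hub output).
SAMPLE_BASE = "https://hub.example.com/hub"
GOOD_DOC = dict(manual_endpoints(SAMPLE_BASE), issuer=SAMPLE_BASE)
BAD_DOC = dict(GOOD_DOC, token_endpoint="https://hub.example.net/hub/api/rest/oauth2/token")
del BAD_DOC["jwks_uri"]

if __name__ == "__main__":
    print(discovery_url(SAMPLE_BASE))
    print(check_discovery(SAMPLE_BASE, BAD_DOC))
```
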
General Configuration
To use Hub as an OpenID Connect Provider:
- In your client service, provide the endpoint of the Hub service.
- Register your client service in Hub:
  - On the Services page, click the New service... button.
  - In the dialog, enter a name for your service and its URL. Then click the Create button. The new service is created.
  - On the Settings page of the new service, provide the Redirect URIs to which Hub should redirect a user.