Introduction

The GenericOpenIdConnectOptions can be used to configure external OIDC identity providers.

Format

The GenericOpenIdConnectOptions are usually stored as a JSON objects:

{
  "authoritiy": "String",
  "clientId": "String",
  "clientSecret": "String",
  "responseType": "String" # defaults to "code"
  "certificateValidationOptions": {
    "certificateDistinguesedName": "String",
    "tokenLifetimeInMinutes": "String"
  },
  "Scopes": ["String"],
  "audience": "String",
  "callbackPath": "String",
  "useUserInfoEndpoint": "Boolean" # defaults to 'true',
  "requireHttpsMetadata": "Boolean" # defaults to 'true',
  "useIFrameLogoutWithIdTokenHint": "Boolean"
}

Options

Options	Type	Default Value	Description

Options	Type	Default Value	Description
`authoritiy`	String	N/A	The authority for the IDP server.
`clientId`	String	N/A	The client identifier for the OIDC application.
`clientSecret`	String	N/A	The client secret for the OIDC application. If this option is set, then `certificateValidationOptions` is not needed.
`responseType`	String	`code`	The response type for the OIDC request.
`certificateValidationOptions`	Object	N/A	Options for certificate validation.
└─ `certificateDistinguesedName`	String	N/A	The distinguished name of the certificate is defined in the Windows Certificate Store. If the value is `""`, the current CoreOne Authentication Services signing certificate is used. Signing Keys - CoreOne Suite Dokumentation - Confluence If this option is set, then `clientSecret` is not needed.
└─ `tokenLifetimeInMinutes`	String	N/A	Lifetime of the token in minutes.
`Scopes`	String Array	N/A	List of scopes for the OIDC application.
`audience`	String	N/A	The audience of the OIDC request.
`callbackPath`	String	N/A	The callback path for the OIDC application.
`useUserInfoEndpoint`	Boolean	`true`	Whether to use the User Info Endpoint.
`requireHttpsMetadata`	Boolean	`true`	Whether HTTPS metadata is required.
`useIFrameLogoutWithIdTokenHint`	Boolean	N/A	Whether to use iframe logout with ID token hint.