OAuth 2 / OIDC Metadata configuration

  • This guide explains how to set up your {$provider-id}.json file.
  • Set your type property to oidc.

Authentication properties

  • This is the list of all properties that can be set in the authenticationProperties object of your metadata file.

| Property | Type | Required | Description | Example value |
|---|---|---|---|---|
| clientId | string | true | Client identification. This needs to be copied from your provider configuration. This value can be a plain string or a reference (e.g., ${...}) to a property in the configuration source. | 123456789-xfgh546.apps.googleusercontent.com |
| clientSecret | string | true | Client secret. This needs to be copied from your provider configuration. This value must always be a reference in the form ${...} pointing to a property in the data source. Plain strings are not allowed. | ${provider.clientSecret} |
| authorizationUri | string | true | URI of the provider's authorization service. | https://accounts.google.com/o/oauth2/v2/auth |
| tokenUri | string | true | URI of the provider's token service. | https://www.googleapis.com/oauth2/v4/token |
| jwkSetUri | string | true | URI of the provider's JWK set service. | https://www.googleapis.com/oauth2/v3/certs |
| userInfoUri | string | false | URI of the provider's user service. | https://www.googleapis.com/oauth2/v3/userinfo |
| scope | array of strings | false | Communication scope. Default value is ["openid", "profile", "email"]. | ["openid", "profile", "email"] |
| userNameAttribute | string | false | User identification attribute. Default value is sub. | sub |

Full example of using Google as provider

{
  "type": "oidc",
  "authenticationProperties": {
    "clientId": "123456789-xfgh546.apps.googleusercontent.com",
    "clientSecret": "${provider.clientSecret}",
    "authorizationUri": "https://accounts.google.com/o/oauth2/v2/auth",
    "tokenUri": "https://www.googleapis.com/oauth2/v4/token",
    "jwkSetUri": "https://www.googleapis.com/oauth2/v3/certs",
    "userInfoUri": "https://www.googleapis.com/oauth2/v3/userinfo",
    "scope": [
      "openid", "profile", "email"
    ],
    "userNameAttribute": "sub"
  }
}
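
A pre-commit style check for the rules in the property table, shown here as an added example (not code from the product this page documents): it flags missing required properties and a clientSecret that is a plain string instead of a ${...} reference, and fills in the documented defaults. The names lint_metadata and BAD_SAMPLE are hypothetical, the sample document is constructed, and the https-only rule for endpoint URIs is an assumption of this example rather than something the page states.

```python
import json
import re
from urllib.parse import urlparse

REFERENCE = re.compile(r"^\$\{[^{}]+\}$")  # whole value is ${...}
REQUIRED = ("clientId", "clientSecret", "authorizationUri", "tokenUri", "jwkSetUri")
URI_KEYS = ("authorizationUri", "tokenUri", "jwkSetUri", "userInfoUri")
DEFAULTS = {"scope": ["openid", "profile", "email"], "userNameAttribute": "sub"}

# Constructed sample: plain-text secret, http token endpoint, no jwkSetUri.
BAD_SAMPLE = """{"type": "oidc", "authenticationProperties": {
  "clientId": "constructed-client-id",
  "clientSecret": "constructed-plaintext-secret",
  "authorizationUri": "https://idp.example.test/authorize",
  "tokenUri": "http://idp.example.test/token"}}"""


def lint_metadata(text):
    """Return (effective_properties, problems) for one metadata document."""
    doc = json.loads(text)
    problems = []
    if doc.get("type") != "oidc":
        problems.append("type must be 'oidc'")
    props = doc.get("authenticationProperties")
    if not isinstance(props, dict):
        return {}, problems + ["authenticationProperties must be an object"]
    for key in REQUIRED:
        if not isinstance(props.get(key), str) or not props[key].strip():
            problems.append(f"{key} is required and must be a non-empty string")
    secret = props.get("clientSecret")
    if isinstance(secret, str) and secret.strip() and not REFERENCE.match(secret):
        # The value is not echoed: it is probably a live secret.
        problems.append("clientSecret must be a ${...} reference, not a plain string")
    for key in URI_KEYS:
        value = props.get(key)
        if isinstance(value, str) and value.strip() and not REFERENCE.match(value):
            parsed = urlparse(value)
            # Assumption of this example, not a rule from the page: https only.
            if parsed.scheme != "https" or not parsed.netloc:
                problems.append(f"{key} must be an absolute https URL")
    scope = props.get("scope", DEFAULTS["scope"])
    if not (isinstance(scope, list) and all(isinstance(s, str) for s in scope)):
        problems.append("scope must be an array of strings")
    return {**DEFAULTS, **props}, problems


if __name__ == "__main__":
    for problem in lint_metadata(BAD_SAMPLE)[1]:
        print(problem)
```

Values that are themselves ${...} references are skipped by the URI check, since they are resolved from the configuration source and cannot be inspected in the file.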