Use an existing OpenID Provider

Perform the following steps to set up your existing OpenID Provider:

1. Make sure your OpenID configuration is discoverable. Browse to https://<your-host-domain>/.well-known/openid-configuration and check that the following values exist:

```json
{
  "authorization_endpoint": "https://your-auth-endpoint/auth",
  "token_endpoint": "https://your-token-endpoint/token",
  "jwks_uri": "https://your-jwks-endpoint/jwks",
  "response_types_supported": ["code"],
  "grant_types_supported": ["authorization_code"],
  "token_endpoint_auth_methods_supported": ["client_secret_basic"]
}
```

This is an example OpenID configuration from Google.

2. Set up a client on your OpenID Provider:

  • Record the client's client_id and client_secret.

  • Use a placeholder callback URL for now (e.g. https://example.com/callback). We will change this after we set up an OIDC Bridge Issuer.

3. If you intend to use any additional scopes, record which scopes are required to invoke Claims you want to retrieve from your user profile system. Common ones include openid, profile and email.

4. Try it out by running a manual test against your OP and inspecting the resulting ID token.
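The discoverability check in step 1 can be automated. The script below is an added example, not part of the original guide or the product it describes: it fetches a provider's discovery document and verifies that the endpoints are present and served over HTTPS and that the required response type, grant type and token endpoint auth method are advertised. The host name, the `op.example` sample document and its values are constructed for illustration.

```python
import json
import urllib.request

# Values step 1 requires in the provider's discovery document.
REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")
REQUIRED_VALUES = {
    "response_types_supported": "code",
    "grant_types_supported": "authorization_code",
    "token_endpoint_auth_methods_supported": "client_secret_basic",
}


def check_discovery(doc: dict) -> list:
    """Return a list of problems; an empty list means the document passes."""
    problems = []
    for key in REQUIRED_ENDPOINTS:
        url = doc.get(key)
        if not isinstance(url, str) or not url:
            problems.append(f"missing {key}")
        elif not url.startswith("https://"):
            # Tokens and keys must never travel over plain HTTP.
            problems.append(f"{key} is not https: {url}")
    for key, needed in REQUIRED_VALUES.items():
        values = doc.get(key)
        if not isinstance(values, list):
            problems.append(f"missing {key}")
        elif needed not in values:
            problems.append(f"{key} does not include {needed!r}")
    return problems


def fetch_discovery(host: str, timeout: float = 10.0) -> dict:
    """Download https://<host>/.well-known/openid-configuration as a dict."""
    url = f"https://{host}/.well-known/openid-configuration"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)


# Constructed sample (hypothetical provider): the JWKS URL is plain HTTP, the
# authorization_code grant is absent, and only client_secret_post is offered.
SAMPLE_DOC = {
    "authorization_endpoint": "https://op.example/auth",
    "token_endpoint": "https://op.example/token",
    "jwks_uri": "http://op.example/jwks",
    "response_types_supported": ["code", "id_token"],
    "grant_types_supported": ["implicit"],
    "token_endpoint_auth_methods_supported": ["client_secret_post"],
}

if __name__ == "__main__":
    # Replace SAMPLE_DOC with fetch_discovery("<your-host-domain>") to run live.
    for problem in check_discovery(SAMPLE_DOC):
        print("FAIL:", problem)
```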