HomeGuidesRecipesAPI
HomeGuidesAPILog In
Guides
These docs are for v10. Click to read the latest docs for v31.

OpenID Connect

Overview

OpenID Connect (OIDC) is an authentication layer that sits on top of OAuth 2.0. Infiniti supports the use of OpenID Connect to handle authentication.

Configuration

OpenID Connect configuration options are set in the appsettings.json file.

"Authentication": {
  "OpenIDConnect": {
    "ClientId": "...",
    "ClientSecret": "...",
    "Authority": "...",
    "MetadataAddress": "...",
    "Scope", "..."
  }
}

Attributes

AttributeDescription
ClientIdRequired, Unique id that represents this application.
ClientSecretOptional, shared secret to prove the request comes from right app.
AuthorityRequired, URL to redirect to the identity provider. eg. Google https://accounts.google.com/, Azure https://login.microsoftonline.com/{tenant}
MetadataAddressOptional, URL to the configuration documentation. This configures the authentication. The web server must be able to request this URL. If empty the OpenId Connect standard of appending ".well-known/opened-configuration" to the "Authority" value is followed.
ScopeOptional, The types of claims to request from the IDP. By default only "opened" is requested. If this configuration has a value then the first value must be "openid". Other values are space delimited eg "openid profile email"

IDP Setup

The return URL is often validated against the URL that is entered in the IDP configuration. Infiniti will set the return URL to the address the user browsed to the site on. Typically https://server/produce or http://server/manage.

OpenID Connect typically requires HTTPS to be enabled on the IDP site and Infiniti. Not having HTTPS enabled on Infiniti can cause a redirect loop.

The default claims that are supported are sub, name, email, given_name, family_name, phone_number. Others can be mapped in Manage > Settings > User Profile Mapping.

📘

Note

AzureAD groups are not yet supported