OIDC Authentication
OIDC configuration options
The dbnl platform uses OpenID Connect (OIDC) for authentication. OIDC providers that are known to work with dbnl include Auth0, Microsoft Entra ID and Okta; provider-specific setup instructions for each are given below.
Configuration
OIDC can be configured using the following options in the dbnl Helm chart or Terraform module:
- audience
- clientId
- issuer
- scopes
Instructions on how to get those options for each provider can be found below.
Auth0
1. Follow the Auth0 instructions to create a new SPA (single page application).
2. In Settings > Application URIs, add the dbnl deployment domain to the list of Allowed Callback URLs (e.g. dbnl.mydomain.com).
3. Navigate to Settings > Basic Information and copy the Client ID as the OIDC clientId option.
4. Navigate to Settings > Basic Information, copy the Domain and prepend it with https:// to use as the OIDC issuer option (e.g. https://my-app.us.auth0.com/).
5. Follow the Auth0 instructions to create a custom API.
6. Use your dbnl deployment domain as the Identifier (e.g. dbnl.mydomain.com).
7. Navigate to Settings > General Settings and copy the Identifier as the OIDC audience option.
8. Set the OIDC scopes option to "openid profile email".
Microsoft Entra ID
1. Follow the Microsoft Entra ID instructions to create a new SPA (single page application) and enable OIDC.
2. Add the dbnl deployment domain as the callback URL (e.g. dbnl.mydomain.com).
3. [Optional] Follow the Microsoft Entra ID instructions to restrict access to certain users.
4. Navigate to App Registrations > (Application) > Manage > API permissions and add the Microsoft Graph email, openid and profile permissions to the application.
5. Navigate to App Registrations > (Application) > Manage > Manifest and set the access token version to 2.0 with "accessTokenAcceptedVersion": 2.
6. Navigate to App Registrations > (Application) > Manage > Token configuration > Add optional claim > Access > email to add the email optional claim to the access token type.
7. Navigate to App Registrations > (Application) and copy the Application (client) ID (APP_ID) to be used as both the OIDC clientId and OIDC audience options.
8. Set the OIDC issuer option to https://login.microsoftonline.com/{APP_ID}/v2.0.
9. Set the OIDC scopes option to "openid email profile {APP_ID}/.default".
Okta
1. Follow the Okta instructions to create a new SPA (single page application) and enable OIDC.
2. Set the Sign-in redirect URIs to your dbnl domain (e.g. dbnl.mydomain.com).
3. Navigate to General > Client Credentials and copy the Client ID to be used as the OIDC clientId option.
4. Navigate to Sign on > OpenID Connect ID Token and copy the Issuer URL to be used as both the OIDC issuer and OIDC audience options.
5. Set the OIDC scopes option to "openid email profile".
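As an added example (not dbnl's own code), the following Python assembles the four OIDC options for each of the three providers above following the templates given in those steps, sanity-checks a configuration before it is rolled out, and shows the issuer/audience check that a deployment must apply to every token it accepts. The function names, the example domains and the decoded claim dictionaries are constructed for illustration; signature verification against the issuer's JWKS is assumed to happen before these claim checks.

```python
def auth0_config(client_id: str, auth0_domain: str, api_identifier: str) -> dict:
    # Auth0: issuer is the tenant Domain with https:// prepended (trailing slash kept);
    # audience is the custom API Identifier.
    return {
        "clientId": client_id,
        "issuer": f"https://{auth0_domain}/",
        "audience": api_identifier,
        "scopes": "openid profile email",
    }


def entra_config(app_id: str) -> dict:
    # Entra ID: the Application (client) ID is used for both clientId and audience;
    # issuer and scopes follow the templates in the steps above.
    return {
        "clientId": app_id,
        "issuer": f"https://login.microsoftonline.com/{app_id}/v2.0",
        "audience": app_id,
        "scopes": f"openid email profile {app_id}/.default",
    }


def okta_config(client_id: str, issuer_url: str) -> dict:
    # Okta: the Issuer URL serves as both issuer and audience.
    return {"clientId": client_id, "issuer": issuer_url,
            "audience": issuer_url, "scopes": "openid email profile"}


def validate_config(cfg: dict) -> list:
    # Pre-deployment checks: all four options present, issuer over TLS,
    # and the openid scope requested (without it no ID token is issued).
    problems = []
    for key in ("audience", "clientId", "issuer", "scopes"):
        if not cfg.get(key):
            problems.append(f"missing {key}")
    if cfg.get("issuer") and not cfg["issuer"].startswith("https://"):
        problems.append("issuer must use https://")
    if "openid" not in cfg.get("scopes", "").split():
        problems.append("scopes must include openid")
    return problems


def claims_match(cfg: dict, claims: dict) -> bool:
    # Accept a (signature-verified) token only if iss equals the configured issuer
    # and the configured audience is listed in aud (a string or a list per RFC 7519).
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    return claims.get("iss") == cfg["issuer"] and cfg["audience"] in auds
```

A token whose aud is another application's client ID fails claims_match even when the issuer is correct, which is the check that stops a token minted for a different app from being replayed against dbnl.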