OIDC can be configured using the following options in the dbnl Helm chart or Terraform module:
audience
clientId
issuer
scopes
Instructions on how to get those options for each provider can be found below.
Follow the Auth0 instructions to create a new SPA (single page application).
In Settings > Application URIs, add the dbnl deployment domain to the list of Allowed Callback URLs (e.g. dbnl.mydomain.com).
Navigate to Settings > Basic Information and copy the Client ID as the OIDC clientId option.
Navigate to Settings > Basic Information and copy the Domain and prepend with https:// to use as the OIDC issuer option (e.g. https://my-app.us.auth0.com/).
Navigate to App Registrations > (Application) > Manage > API permissions and add the Microsoft Graph email, openid and profile permissions to the application.
Navigate to App Registrations > (Application) > Manage > Manifest and set access token version to 2.0 with "accessTokenAcceptedVersion": 2 .
Navigate to App Registrations > (Application) > Manage > Token configuration > Add optional claim > Access > email to add the email optional claim to the access token type.
Navigate to App Registrations > (Application) and copy the Application (client) ID (APP_ID) to be used as the OIDC clientId and OIDC audience options.
Set the OIDC issuer option to https://login.microsoftonline.com/{APP_ID}/v2.0 .
Set the OIDC scopes option to "openid email profile {APP_ID}/.default".
Follow the Okta instructions to create a new SPA (single page application) and enable OIDC.
Set the Sign-in redirect URIs to your dbnl domain (e.g. dbnl.mydomain.com)
Navigate to General > Client Credentials and copy the Client ID to be used as the OIDC clientId option.
Navigate to Sign on > OpenID Connect ID Token and copy the Issuer URL to be used as the OIDC issuer and OIDC audience options.
Set the OIDC scopes option to "openid email profile" .
