OIDC Authentication

OIDC configuration options

Was this helpful?

Configuration

OIDC can be configured using the following options in the dbnl Helm chart or Terraform module:

audience

clientId

issuer

scopes

Instructions on how to get those options for each provider can be found below.

Follow the Auth0 instructions to create a new SPA (single page application).
1. In Settings > Application URIs, add the dbnl deployment domain to the list of Allowed Callback URLs (e.g. dbnl.mydomain.com).
Navigate to Settings > Basic Information and copy the Client ID as the OIDC clientId option.
Navigate to Settings > Basic Information and copy the Domain and prepend with https:// to use as the OIDC issuer option (e.g. https://my-app.us.auth0.com/).
Follow the Auth0 instructions to create a custom API.
1. Use your dbnl deployment domain as the Identifier (e.g. dbnl.mydomain.com).
Navigate to Settings > General Settings and copy the Identifier as the OIDC audience option.
Set the OIDC scopes option to "openid profile email".

Follow the Microsoft Entra ID instructions to create a new SPA (single page application) and enable OIDC.
1. Add the dbnl deployment domain as the callback URL (e.g. dbnl.mydomain.com).
[Optional] Follow the Microsoft Entra ID instructions to restrict access to certain users.
Navigate to App Registrations > (Application) > Manage > API permissions and add the Microsoft Graph email, openid and profile permissions to the application.
Navigate to App Registrations > (Application) > Manage > Manifest and set access token version to 2.0 with "accessTokenAcceptedVersion": 2 .
Navigate to App Registrations > (Application) > Manage > Token configuration > Add optional claim > Access > email to add the email optional claim to the access token type.
Navigate to App Registrations > (Application) and copy the Application (client) ID (APP_ID) to be used as the OIDC clientId and OIDC audience options.
Set the OIDC issuer option to https://login.microsoftonline.com/{APP_ID}/v2.0 .
Set the OIDC scopes option to "openid email profile {APP_ID}/.default".

Follow the Okta instructions to create a new SPA (single page application) and enable OIDC.
1. Set the Sign-in redirect URIs to your dbnl domain (e.g. dbnl.mydomain.com)
Navigate to General > Client Credentials and copy the Client ID to be used as the OIDC clientId option.
Navigate to Sign on > OpenID Connect ID Token and copy the Issuer URL to be used as the OIDC issuer and OIDC audience options.
Set the OIDC scopes option to "openid email profile" .