Authorization Providers: Registration of OAuth 2.0 or OpenID Connect (OIDC) Providers (Connect 2024)
This area of the Connection Designer is used to define OAuth 2.0 or OpenID Connect (OIDC) providers. In most cases, OAuth 2.0/OIDC is used with authorization providers that are already included in the delivery package of the Connect Server. In this case, no change is required here.
Definition of an Authorization Provider (General)
Navigate to the page Connection Designer → Authorization Provider to display the list of authorization providers. Then click the "Add authorization provider" button and specify the desired name for the authorization provider.
After clicking the "OK" button, the Authorization Provider Editor will open.
In the upper area, a short description can be entered in the Title field and a more detailed description of the authorization provider in the Description field. Both fields support multiple languages, so that a default value and translations for different languages can be maintained. In the optional Documentation URI field, a link to the authorization provider's documentation can be stored.
The further procedure depends on whether the authorization provider uses OAuth 2.0, OpenID Connect (OIDC) without discovery, or OpenID Connect (OIDC) with discovery. Corresponding examples can be found in the following sections.
Definition of an authorization provider for OAuth 2.0 or OpenID Connect without discovery
In the Type field, select the desired type of authorization provider, "OAuth 2.0" or "OpenID Connect (without Discovery)". In the Authorization Endpoint URI and Token Endpoint URI fields, enter the URIs of the corresponding endpoints; these can be found in the documentation of the authorization provider. Now select the authorization flows supported by the authorization provider. This information can also be found in the documentation of the authorization provider. Hold the Ctrl key to select multiple flows. In the "Supported Scopes" area, enter all required OAuth 2.0 scopes.
To save, click the "Save" button, which is displayed at the bottom right. Depending on the number of scopes entered, this process may take a few seconds.
Definition of an Authorization Provider for a Service with OpenID Connect Discovery Support
If the desired authorization provider supports OpenID Connect with Discovery, most of the required data can be determined automatically. In this case, select the value "OpenID Connect (with Discovery)" in the Type field and enter the base URI of the discovery service in the Authority URI field. Please refer to the documentation of the authorization provider. Since OIDC Discovery may return only the subset of the service's supported scopes that is relevant for OIDC, additional scopes required for OAuth 2.0 can be entered manually in the Additional OAuth 2.0 Scopes area.
To save, click the "Save" button, which is displayed at the bottom right. Depending on the number of scopes entered, this process may take a few seconds.
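The following added example (not part of the Connect documentation and not the Connect Server's own code) shows which values OpenID Connect Discovery 1.0 metadata supplies for an Authority URI, which checks are worth making before trusting them, and how manually entered additional scopes are merged in. The host name, the sample document and all function names are constructed for illustration; requiring https for both endpoints is a choice of this example.

```python
import json
from urllib.parse import urlsplit

AUTHORITY = "https://login.example.test/tenant1"  # constructed Authority URI

# Constructed discovery document, as the provider would return it.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": AUTHORITY,
    "authorization_endpoint": AUTHORITY + "/authorize",
    "token_endpoint": AUTHORITY + "/token",
    "scopes_supported": ["openid", "profile", "email"],
    "grant_types_supported": ["authorization_code", "client_credentials"],
})

def discovery_url(authority_uri):
    """Well-known metadata location from OpenID Connect Discovery 1.0."""
    return authority_uri.rstrip("/") + "/.well-known/openid-configuration"

def _https(meta, key):
    """Return meta[key] if it is an absolute https URI, else raise."""
    parts = urlsplit(meta.get(key, ""))
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"{key} is missing or not an https URI")
    return meta[key]

def provider_from_discovery(authority_uri, document, additional_scopes=()):
    """Derive the editor's field values from a discovery document."""
    meta = json.loads(document)
    # Discovery 1.0 requires issuer to be identical to the URI queried;
    # a mismatch means the metadata describes a different provider.
    if meta.get("issuer") != authority_uri:
        raise ValueError("issuer does not match the Authority URI")
    # scopes_supported is optional and often lists only OIDC scopes, so
    # manually entered scopes are appended (order kept, duplicates dropped).
    scopes = dict.fromkeys([*meta.get("scopes_supported", []), *additional_scopes])
    return {
        "authorization_endpoint": _https(meta, "authorization_endpoint"),
        "token_endpoint": _https(meta, "token_endpoint"),
        # Default defined by the spec when grant_types_supported is absent.
        "flows": meta.get("grant_types_supported", ["authorization_code", "implicit"]),
        "scopes": list(scopes),
    }

if __name__ == "__main__":
    print(discovery_url(AUTHORITY))
    print(provider_from_discovery(AUTHORITY, SAMPLE_DISCOVERY, ["api.read"]))
```
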