OpenID Connect Relying Party
Configuring authentication with OIDC is done through a number of components. One of those components is the authenticator "OidcRP". This authenticator currently only supports Authorization Code Flow.
Configuring the authenticator
Before enabling the authenticator ensure that phenix-oidc-discovery module is enabled and that the right OIDC OP has been configured for discovery.
||pipe id of the pipe used for id token validation.||N/A||YES|
||Where to send the user agent after successful token validation||N/A
||URL used when communicating with the OP.||N/A
||The client secret used validating the token||N/A
||Id of the client used when communicating with the OP||N/A
||Value considered as username in the returned item from validation pipe.||sub||YES|
|scope||The oidc scope sent to the OP||openid
||Internal id of the OP to use||N/A||Yes
||If to perform a user info lookup in addition.
Requires the op exposing a user_info url in discovery data. Response from discovery will be sent in to the pipe in parameter "user_info".
The pipe executed MUST respond with one item.