OIDC

Definition

OIDC, or OpenID Connect, is an identity layer built on top of the OAuth 2.0 protocol. It allows clients (relying parties) to verify the identity of an end-user based on the authentication performed by an authorization server, and to obtain basic profile information about that user. OIDC is designed to be simple to implement and provides a standardized way to authenticate users across different applications and services.

Secure Settings Example

# Example OIDC configuration for a secure application
oidc:
  issuer: "https://auth.example.com"           # issuer must be reachable over HTTPS only
  client_id: "your-client-id"
  client_secret: "your-client-secret"          # placeholder; load from a secret store, not source control
  redirect_uris:
    - "https://yourapp.example.com/callback"   # exact HTTPS match, no wildcards or fragments
  response_types: ["code"]                     # authorization code flow only
  scopes: ["openid", "profile", "email"]       # "openid" is required for an OIDC request
  token_endpoint_auth_method: "client_secret_basic"  # client authenticates at the token endpoint
  use_pkce: true                               # bind the authorization code to this client (S256)

Insecure Settings Example

# Example of insecure OIDC configuration
oidc:
  issuer: "https://auth.example.com"
  client_id: "your-client-id"
  client_secret: "your-client-secret"
  redirect_uris:
    - "http://yourapp.example.com/callback" # Insecure: using HTTP instead of HTTPS
  response_types: ["token"] # Insecure: using implicit flow without PKCE
  scopes: ["openid"]
  token_endpoint_auth_method: "none" # Insecure: no authentication method
  use_pkce: false
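The two configurations above differ in a handful of fields, and those differences are mechanical enough to check automatically. The following is an added example (not part of the original page): a small linter that flags the insecure settings the page calls out, plus helpers that show what `use_pkce: true` actually commits the client to, namely an S256 code challenge derived from a random verifier as specified in RFC 7636. The two config dictionaries are constructed to mirror the page's YAML; the function names are the example's own.

```python
"""Lint an OIDC client config against the page's secure settings and
demonstrate PKCE (RFC 7636) verifier/challenge handling."""
import base64
import hashlib
import secrets
from urllib.parse import urlparse

# Constructed: same values as the page's secure and insecure YAML examples.
SECURE_CONFIG = {
    "issuer": "https://auth.example.com",
    "client_id": "your-client-id",
    "client_secret": "your-client-secret",
    "redirect_uris": ["https://yourapp.example.com/callback"],
    "response_types": ["code"],
    "scopes": ["openid", "profile", "email"],
    "token_endpoint_auth_method": "client_secret_basic",
    "use_pkce": True,
}
INSECURE_CONFIG = {
    "issuer": "https://auth.example.com",
    "client_id": "your-client-id",
    "client_secret": "your-client-secret",
    "redirect_uris": ["http://yourapp.example.com/callback"],
    "response_types": ["token"],
    "scopes": ["openid"],
    "token_endpoint_auth_method": "none",
    "use_pkce": False,
}

LOOPBACK_HOSTS = ("localhost", "127.0.0.1", "::1")


def lint_oidc_config(oidc: dict) -> list[str]:
    """Return human-readable findings; an empty list means every check passed."""
    findings = []
    if urlparse(oidc.get("issuer", "")).scheme != "https":
        findings.append("issuer is not an https URL")
    for uri in oidc.get("redirect_uris", []):
        p = urlparse(uri)
        # Loopback redirects for native apps may be plain http (RFC 8252);
        # every other redirect target must be served over TLS.
        if p.scheme != "https" and p.hostname not in LOOPBACK_HOSTS:
            findings.append(f"redirect_uri {uri} is not https")
        if p.fragment or "*" in uri:
            findings.append(f"redirect_uri {uri} must be an exact match (no fragment or wildcard)")
    for rt in oidc.get("response_types", []):
        # A response_type without "code" returns tokens in the front channel (implicit flow).
        if "code" not in rt.split():
            findings.append(f"response_type '{rt}' uses the implicit flow; use 'code'")
    if not oidc.get("use_pkce", False):
        findings.append("PKCE is disabled; an intercepted authorization code can be redeemed by anyone")
    method = oidc.get("token_endpoint_auth_method", "none")
    if method == "none" and (oidc.get("client_secret") or not oidc.get("use_pkce", False)):
        findings.append("token_endpoint_auth_method 'none' leaves the token endpoint unauthenticated")
    if "openid" not in oidc.get("scopes", []):
        findings.append("scopes must include 'openid' for an OIDC request")
    return findings


def pkce_challenge(verifier: str) -> str:
    """S256 code_challenge = BASE64URL(SHA256(ASCII(code_verifier))) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def make_pkce_pair() -> tuple[str, str]:
    """Generate a fresh 43-character code_verifier and its code_challenge."""
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")
    return verifier, pkce_challenge(verifier)


def token_request_ok(stored_challenge: str, presented_verifier: str) -> bool:
    """The authorization server's check at the token endpoint: the verifier sent
    with the code must hash to the challenge sent with the authorization request."""
    return secrets.compare_digest(pkce_challenge(presented_verifier), stored_challenge)


if __name__ == "__main__":
    for name, cfg in (("secure", SECURE_CONFIG), ("insecure", INSECURE_CONFIG)):
        print(f"{name}: {lint_oidc_config(cfg) or ['no findings']}")
    v, c = make_pkce_pair()
    print(f"code_verifier={v}\ncode_challenge={c}\nvalid={token_request_ok(c, v)}")
```

Running the script reports no findings for the secure configuration and four for the insecure one (plain-HTTP redirect, implicit `token` response type, PKCE disabled, unauthenticated token endpoint). The `token_endpoint_auth_method: "none"` check deliberately tolerates a public client that has no secret and does use PKCE, since that is the legitimate configuration for native and single-page apps; what it rejects is the page's case, where a secret exists but is never used.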