As OpenID Connect is a layer on top of the OAuth 2.0 protocol, this scheme extends the OAuth 2.0 scheme.
Please see the OAuth2 scheme for more information.
Usage
const $auth = useAuth()
$auth.loginWith('openIDConnect')
Additional arguments can be passed through to the OpenID Connect provider using the params key of the second argument:
const $auth = useAuth()
$auth.loginWith('openIDConnect', { params: { another_post_key: 'value' } })
Options
Minimal configuration:
auth: {
  strategies: {
    oidc: {
      scheme: 'openIDConnect',
      clientId: 'CLIENT_ID',
      endpoints: {
        configuration: 'https://accounts.google.com/.well-known/openid-configuration',
      },
    }
  }
}
Default configuration:
auth: {
  strategies: {
    oidc: {
      scheme: 'openIDConnect',
      endpoints: {
        configuration: 'https://accounts.google.com/.well-known/openid-configuration',
      },
      idToken: {
        property: 'id_token',
        maxAge: 60 * 60 * 24 * 30,
        prefix: '_id_token.',
        expirationPrefix: '_id_token_expiration.'
      },
      responseType: 'code',
      grantType: 'authorization_code',
      scope: ['openid', 'profile', 'offline_access'],
      codeChallengeMethod: 'S256',
    }
  }
}
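The scheme takes its endpoints from whatever document endpoints.configuration returns, so it is worth checking that document against the defaults above before relying on it. The following is an added example, not code from the module; checkProviderMetadata and the sample documents are hypothetical and constructed for illustration.

```javascript
// Added example: check an OpenID Provider metadata document before trusting it.
// checkProviderMetadata and the sample documents are hypothetical / constructed.
const WELL_KNOWN = '/.well-known/openid-configuration'

function checkProviderMetadata(configurationUrl, metadata, wanted = {}) {
  const { responseType = 'code', codeChallengeMethod = 'S256',
    scope = ['openid', 'profile', 'offline_access'] } = wanted
  const problems = []
  // OpenID Connect Discovery: the issuer in the document must match the URL it
  // was fetched from once the well-known suffix is removed. Discovery drops a
  // trailing "/" from the issuer before appending the suffix, so do the same.
  const fetchedFrom = configurationUrl.endsWith(WELL_KNOWN)
    ? configurationUrl.slice(0, -WELL_KNOWN.length) : configurationUrl
  if (String(metadata.issuer || '').replace(/\/$/, '') !== fetchedFrom) {
    problems.push('issuer does not match the configuration URL')
  }
  // Endpoints the scheme will use must be present and served over https.
  for (const key of ['authorization_endpoint', 'token_endpoint', 'jwks_uri']) {
    let url = null
    try { url = new URL(metadata[key]) } catch { problems.push(`${key} is missing or not a URL`) }
    if (url && url.protocol !== 'https:') problems.push(`${key} is not https`)
  }
  // The provider must support what the strategy is configured to request.
  if (!(metadata.response_types_supported || []).includes(responseType)) {
    problems.push(`response type "${responseType}" is not supported`)
  }
  // RFC 8414: if this field is omitted the server does not support PKCE.
  if (!(metadata.code_challenge_methods_supported || []).includes(codeChallengeMethod)) {
    problems.push(`code challenge method "${codeChallengeMethod}" is not supported`)
  }
  // scopes_supported is optional, so only compare when the provider lists it.
  for (const s of metadata.scopes_supported ? scope : []) {
    if (!metadata.scopes_supported.includes(s)) problems.push(`scope "${s}" is not advertised`)
  }
  return problems
}

// Constructed sample documents (not taken from any real provider).
const goodDoc = {
  issuer: 'https://example.com', jwks_uri: 'https://example.com/jwks',
  authorization_endpoint: 'https://example.com/authorize',
  token_endpoint: 'https://example.com/token',
  response_types_supported: ['code', 'id_token'],
  code_challenge_methods_supported: ['S256'],
  scopes_supported: ['openid', 'profile', 'offline_access']
}
const badDoc = { ...goodDoc, issuer: 'https://other.example',
  token_endpoint: 'http://example.com/token', code_challenge_methods_supported: undefined }
console.log(checkProviderMetadata('https://example.com/.well-known/openid-configuration', badDoc))
```

An empty array means the document is consistent with the strategy's settings; pass a third argument to check against non-default responseType, codeChallengeMethod or scope values.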
endpoints
Additional Information
Each endpoint is used to make requests using axios. Each one extends the Axios Request Config.
configuration
REQUIRED - Endpoint from which to request the provider's metadata document, which is used to set the endpoints automatically. The metadata document contains most of the OpenID Provider's information, such as the URLs to use and the location of the service's public signing keys. You can find this document by appending the discovery document path (/.well-known/openid-configuration) to the authority URL (https://example.com). E.g. https://example.com/.well-known/openid-configuration
More info: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig
Each endpoint defined in the OAuth2 scheme can also be used in the OpenID Connect scheme configuration. This will override the information provided by the configuration document.
clientId
Additional Information
REQUIRED - OpenID Connect client id.
scope
Additional Information
- Default: ['openid', 'profile', 'offline_access']
token
Additional Information
Access token
property
- Default: access_token
property can be used to specify which field of the response JSON is used as the value. It can be false to use the API response directly, or something more complex such as auth.access_token.
type
- Default: Bearer
Used in the Authorization header of axios requests.
maxAge
- Default: 1800
idToken
Additional Information
The OpenIDConnect scheme will save both the access token and the ID token. This is because, to end the user session at the authorization server, the ID token needs to be part of the logout request via the required parameter id_token_hint.
property
- Default: id_token
property can be used to specify which field of the response JSON is used as the value. It can be false to use the API response directly, or something more complex such as auth.id_token.
maxAge
- Default: 1800
refreshToken
Additional Information
property
- Default: refresh_token
property can be used to specify which field of the response JSON is used as the value. It can be false to use the API response directly, or something more complex such as auth.refresh_token.
maxAge
- Default: 60 * 60 * 24 * 30
responseType
Additional Information
- Default: code
code for authorization code flow.
grantType
Additional Information
- Default: authorization_code
authorization_code for authorization code flow.
redirectUri
Additional Information
Should be the same as the login page or a relative path to the welcome screen. By default it will be inferred from the redirect.callback option. (Defaults to /login)
logoutRedirectUri
Additional Information
Should be an absolute path to the welcome screen.
codeChallengeMethod
Additional Information
By default this is 'implicit', which is the current workflow implementation. To support the PKCE ('pixy') protocol, valid options include 'S256' and 'plain'.
- Default: S256
acrValues
Additional Information
Provides metadata to supply additional information to the authorization server.
autoLogout
Additional Information
- Default: false