
OpenID Connect Profiles

An OpenID Connect Profile resource represents a specific configuration of an OpenID Connect Provider.

An authentication realm can have multiple OpenID Connect Profiles. This allows shoppers to authenticate using multiple OpenID providers. In the example shown below, Jane can log in using both Apple and Google, whereas Joan can only log in using Google.

oidc profiles

The OpenID Connect Profile Object

| Attribute | Type | Description |
| --- | --- | --- |
| client_id | string | The client ID to be used with the external authentication provider. |
| discovery_url | string | The URL of the OpenID Connect discovery document. |
| id | string | The unique identifier for this OpenID Connect profile. |
| meta | object | Additional information for this realm. For more information, see The meta object below. |
| name | string | The name of the OpenID Connect profile. |
| type | string | The type represents the object being returned. |
| links | object | Related links. Also see: The links object below. |

Sample Object

{
  "data": {
    "client_id": "openid-client",
    "discovery_url": "https://auth.ssoprovider.com/.well-known/openid-configuration",
    "id": "ed83913b-d6dc-4472-9328-bb486443de9c",
    "meta": {
      "issuer": "https://auth.ssoprovider.com",
      "created_at": "2020-11-04T21:59:58.611Z",
      "updated_at": "2020-11-04T21:59:58.611Z"
    },
    "name": "SSO Provider",
    "type": "oidc-profile"
  },
  "links": {
    "authorization-endpoint": "https://useast.api.elasticpath.com/oidc-idp/login/stores/88888888-4444-4333-8333-111111111111/authentication-realms/40086652-2779-45f0-8ea6-ae630dfd13cb?elasticpath_commerce_cloud_profile_id=ed83913b-d6dc-4472-9328-bb486443de9c",
    "callback-endpoint": "https://useast.api.elasticpath.com/oidc-idp/callback/stores/88888888-4444-4333-8333-111111111111/authentication-realms/40086652-2779-45f0-8ea6-ae630dfd13cb/oidc-profiles/ed83913b-d6dc-4472-9328-bb486443de9c",
    "client-discovery-url": "https://useast.api.elasticpath.com/oidc-idp/stores/88888888-4444-4333-8333-111111111111/authentication-realms/40086652-2779-45f0-8ea6-ae630dfd13cb/.well-known/openid-configuration",
    "self": "https://useast.api.elasticpath.com/v2/authentication-realms/40086652-2779-45f0-8ea6-ae630dfd13cb/oidc-profiles/ed83913b-d6dc-4472-9328-bb486443de9c"
  }
}

The meta Object

| Attribute | Type | Description |
| --- | --- | --- |
| meta.issuer | string | The issuer from the discovery document of this OpenID Connect profile. |
| meta.created_at | string | The creation date of this OpenID Connect profile. |
| meta.updated_at | string | The last updated date of this OpenID Connect profile. |

The links Object

| Attribute | Type | Description |
| --- | --- | --- |
| links.authorization-endpoint | string | The link that front-end applications should use to authenticate using the OpenID Connect profile. The front-end application is responsible for appending all of the required parameters to the request. The endpoint also forwards some optional parameters (display, prompt and ui_locales) to the configured Identity Provider. These parameters allow you to control the behavior of the authentication process on the Identity Provider. Additionally, the query parameter ep_report_callback_replay_error can be set to true; in that case, if the user revisits the callback-endpoint multiple times (e.g., if they hit their Back button), the user is redirected back to the front end with an Authentication error response of callback_replay. |
| links.callback-endpoint | string | The link that should be supplied as the callback URL to the upstream authentication provider. |
| links.client-discovery-url | string | The link to the OpenID Connect Discovery document for this provider. |
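
The fields above can be cross-checked before a profile is relied on. The following is an added example, not Elastic Path code: it verifies that discovery_url implies the same issuer as meta.issuer (OpenID Connect Discovery serves the document at the issuer plus /.well-known/openid-configuration) and that the links are https and refer to this profile. The function name audit_oidc_profile is hypothetical, and the link-shape checks are assumptions read off the sample object, not documented guarantees.

```python
from urllib.parse import parse_qs, urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
EP_BASE = "https://useast.api.elasticpath.com"
REALM_PATH = ("stores/88888888-4444-4333-8333-111111111111/"
              "authentication-realms/40086652-2779-45f0-8ea6-ae630dfd13cb")
PROFILE_ID = "ed83913b-d6dc-4472-9328-bb486443de9c"
# Sample input: the relevant fields of the sample object on this page.
SAMPLE_PROFILE = {
    "data": {"id": PROFILE_ID,
             "discovery_url": "https://auth.ssoprovider.com" + WELL_KNOWN,
             "meta": {"issuer": "https://auth.ssoprovider.com"}},
    "links": {
        "authorization-endpoint": f"{EP_BASE}/oidc-idp/login/{REALM_PATH}"
                                  f"?elasticpath_commerce_cloud_profile_id={PROFILE_ID}",
        "callback-endpoint": f"{EP_BASE}/oidc-idp/callback/{REALM_PATH}/oidc-profiles/{PROFILE_ID}",
    },
}

def audit_oidc_profile(profile):
    """Return a list of findings; an empty list means the object is self-consistent."""
    findings = []
    data, links = profile.get("data", {}), profile.get("links", {})
    pid = data.get("id", "")
    issuer = data.get("meta", {}).get("issuer", "")
    disc = urlsplit(data.get("discovery_url", ""))
    # The discovery document lives at <issuer>/.well-known/openid-configuration.
    if disc.scheme != "https" or not disc.path.endswith(WELL_KNOWN):
        findings.append("discovery_url is not an https well-known URL")
    else:
        implied = f"https://{disc.netloc}{disc.path[:-len(WELL_KNOWN)]}"
        if implied != issuer.rstrip("/"):
            findings.append(f"issuer mismatch: {implied} != {issuer}")
    hosts = set()
    for name, url in links.items():
        parts = urlsplit(url)
        hosts.add(parts.netloc)
        if parts.scheme != "https":
            findings.append(f"{name} is not https")
    # Assumptions from the sample's shape: one API host, links name this profile's id.
    if len(hosts) > 1:
        findings.append("links point at more than one host")
    cb_path = urlsplit(links.get("callback-endpoint", "")).path
    if not cb_path.endswith(f"/oidc-profiles/{pid}"):
        findings.append("callback-endpoint does not end in this profile's id")
    auth_q = parse_qs(urlsplit(links.get("authorization-endpoint", "")).query)
    if auth_q.get("elasticpath_commerce_cloud_profile_id") != [pid]:
        findings.append("authorization-endpoint names a different profile")
    return findings
```

An empty list for the sample object means its issuer and links agree with each other; it does not replace fetching the discovery document and comparing its issuer value.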