OpenID Connect Profiles
An OpenID Connect Profile resource represents a specific configuration of an OpenID Connect Provider.
An authentication realm can have multiple OpenID Connect Profiles. This allows shoppers to authenticate using multiple OpenID providers. In the example shown below, Jane can login using both Apple and Google, whereas Joan can only login using Google.
The OpenID Connect Profile Object
Attribute | Type | Description |
---|---|---|
client_id | string | The client id to be used with the external authentication provider |
discovery_url | string | The url of the OpenID Connect discovery document. |
id | string | The unique identifier for this OpenID Connect profile. |
meta | object | Additional information for this realm. For more information, see The meta object below. |
name | string | The name of the OpenID Connect profile. |
type | string | The type represents the object being returned. |
links | object | Related links. Also see: The links object below. |
Sample Object
{
"data": {
"client_id": "openid-client",
"discovery_url": "https://auth.ssoprovider.com/.well-known/openid-configuration",
"id": "ed83913b-d6dc-4472-9328-bb486443de9c",
"meta": {
"issuer": "https://auth.ssoprovider.com",
"created_at": "2020-11-04T21:59:58.611Z",
"updated_at": "2020-11-04T21:59:58.611Z"
},
"name": "SSO Provider",
"type": "oidc-profile"
},
"links": {
"authorization-endpoint": "https://useast.api.elasticpath.com/oidc-idp/login/stores/88888888-4444-4333-8333-111111111111/authentication-realms/40086652-2779-45f0-8ea6-ae630dfd13cb?elasticpath_commerce_cloud_profile_id=ed83913b-d6dc-4472-9328-bb486443de9c",
"callback-endpoint": "https://useast.api.elasticpath.com/oidc-idp/callback/stores/88888888-4444-4333-8333-111111111111/authentication-realms/40086652-2779-45f0-8ea6-ae630dfd13cb/oidc-profiles/ed83913b-d6dc-4472-9328-bb486443de9c",
"client-discovery-url": "https://useast.api.elasticpath.com/oidc-idp/stores/88888888-4444-4333-8333-111111111111/authentication-realms/40086652-2779-45f0-8ea6-ae630dfd13cb/.well-known/openid-configuration",
"self": "https://useast.api.elasticpath.com/v2/authentication-realms/40086652-2779-45f0-8ea6-ae630dfd13cb/oidc-profiles/ed83913b-d6dc-4472-9328-bb486443de9c"
}
}
The meta
Object
Attribute | Type | Description |
---|---|---|
meta.issuer | string | The issuer from the discovery document of this OpenID Connect profile. |
meta.created_at | string | The creation date of this OpenID Connect profile. |
meta.updated_at | string | The last updated date of this OpenID Connect profile. |
The links
Object
Attribute | Type | Description |
---|---|---|
links.authorization-endpoint | string | The link that front-end applications should use to authenticate the OpenID Connect profile. The front-end application is responsible for appending all of the required parameters to the request. The endpoint also forwards some optional parameters, display , prompt and ui_locales to the configured Identity Provider. These parameters allow you to control the behavior of the authentication process on the Identity Provider. Additionally the query parameter ep_report_callback_replay_error can be set to true in which case if the user revisits the callback-endpoint multiple times (e.g., if they hit their Back button), we will redirect the user back to the front end with an Authentication error response of callback_replay . |
links.callback-endpoint | string | The link that should be supplied as the callback URL to the upstream authentication provider. |
links.client-discovery-url | string | The link to the OpenID Connect Discovery document for this provider. |