OIDC Application
The OIDC Application type is an application that supports OIDC as an alternative authentication option. An OIDC application is defined by the following attributes:
Client ID - identifies the client (application) making authentication and authorization requests to the OIDC provider.
Client Friendly Name - a friendly display name for the service provider.
Client secret - a confidential key or password used by the client application to authenticate itself when communicating with the OIDC provider.
Response types - define the type of credential that the client expects to receive from the authorization server (or OpenID provider) after a user successfully authenticates.
Grant types - define the methods through which a client application obtains an access token, ID token, or refresh token.
Scopes - define the level of access that a client application is requesting from a resource owner (user) or the authorization server.
Token endpoint authentication methods - define how the client authenticates itself to the authorization server when exchanging an authorization code or obtaining a token.
Subject type - This specifies how the user identity (subject) is represented in ID tokens:
public: The same sub (subject) value is used across all clients for a user.
pairwise: A unique sub value is generated per client for the same user, enhancing privacy.
Redirect URIs - the URLs to which the authorization server sends the user after granting or denying authorization. Each must be pre-registered by the client application to ensure security.
openid offline_access
authorization_code refresh_token
code
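
Added example (not part of the original page or the product's own code): a Python check that the attributes of one client definition agree with each other. The field names follow the OpenID Connect Dynamic Client Registration metadata (response_types, grant_types, scope, redirect_uris and so on) as an assumption about how the attributes above are stored; the https-or-loopback redirect rule is a web-client policy assumed for the illustration, and the sample clients are constructed.

```python
from urllib.parse import urlsplit

# Grant type each response type component needs (OIDC Dynamic Client Registration 1.0, section 2).
GRANT_FOR = {"code": "authorization_code", "id_token": "implicit", "token": "implicit"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def lint_client(cfg):
    """Return a list of findings for one client definition (empty list = consistent)."""
    findings = []
    grants = set(cfg.get("grant_types", []))
    scopes = set(cfg.get("scope", "").split())
    for rtype in cfg.get("response_types", []):
        for part in rtype.split():
            need = GRANT_FOR.get(part)
            if need and need not in grants:
                findings.append(f"response type '{rtype}' needs grant type '{need}'")
    if "openid" not in scopes:
        findings.append("scope 'openid' missing")
    if "offline_access" in scopes and "refresh_token" not in grants:
        findings.append("scope 'offline_access' without grant type 'refresh_token'")
    method = cfg.get("token_endpoint_auth_method", "client_secret_basic")
    if method.startswith("client_secret_") and not cfg.get("client_secret"):
        findings.append(f"auth method '{method}' needs a client secret")
    if cfg.get("subject_type", "public") not in ("public", "pairwise"):
        findings.append("subject type must be 'public' or 'pairwise'")
    if not cfg.get("redirect_uris"):
        findings.append("no redirect URI registered")
    for uri in cfg.get("redirect_uris", []):
        u = urlsplit(uri)
        if not u.scheme or not u.netloc:
            findings.append(f"redirect URI not absolute: {uri}")
        elif u.fragment or "*" in uri:
            findings.append(f"redirect URI has fragment or wildcard: {uri}")
        elif u.scheme != "https" and u.hostname not in LOOPBACK:
            findings.append(f"redirect URI not https: {uri}")
    return findings

# Constructed sample: the values listed on this page plus a placeholder ID, secret and URI.
GOOD = {"client_id": "example-client", "client_secret": "PLACEHOLDER-SECRET",
        "response_types": ["code"], "grant_types": ["authorization_code", "refresh_token"],
        "scope": "openid offline_access", "token_endpoint_auth_method": "client_secret_basic",
        "subject_type": "pairwise", "redirect_uris": ["https://app.example.com/callback"]}
# Constructed sample with three inconsistencies: no refresh grant, no secret, plain-http redirect.
BAD = dict(GOOD, grant_types=["authorization_code"], client_secret="",
           redirect_uris=["http://app.example.com/callback"])

for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
    print(name, lint_client(cfg) or "consistent")
```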