OIDC and OAuth IdP Connector

The OIDC and OAuth IdP connector lets you authenticate users with an identity provider (IdP) that supports OpenID Connect (OIDC) or OAuth 2.0 in your PingOne DaVinci flow.

You can use the OIDC and OAuth IdP connector to authenticate users with an IdP.

Setup

Resources

For information and setup help, see the following:

Configuring the OIDC and OAuth IdP connector

Add the connector in DaVinci as shown in Adding a connector, then configure it as follows.

Connector configuration

Provider Name

The name of the IdP.

Auth Type

The authorization or authentication type, such as OAuth2 or OpenId.

Redirect URL

Include this URL in your IdP configuration to allow it to redirect the browser back to DaVinci. If you use a custom PingOne domain, modify the URL accordingly.

Issuer URL

If OpenId is selected as the Auth Type, include this URL, which contains information about the IdP that can be validated.

Authorization Endpoint

The IdP endpoint, such as `/rest/api/3`. This endpoint is added to the base API URL selected in the connector endpoint configuration.

Token Endpoint

The IdP token endpoint, which is used to request or refresh tokens.

Token Attachment

If a token is attached, prepend its name with either bearer or token, as appropriate.

UserInfo Endpoint

The IdP endpoint, which returns information about an authenticated user.

App ID

The unique identifier for an IdP tenant.

Client Secret

The IdP secret, which the application must have to obtain a token.

Scope

The OIDC scope used during authentication to authorize access to user information. Separate scopes with a space. For example, enter openid email profile.

User Info Post Process

The code that contains information about an authenticated user using HTTP POST.

Application Return to URL

The URL that returns the user to the application after an embedded flowplayer video has played or social login authentication is complete.
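Before saving the connector, the values entered above can be compared with the metadata the IdP publishes. The following is an added example, not part of the product documentation or DaVinci's own code: it assumes the endpoints are entered as absolute URLs, keys the values by the field labels on this page (a hypothetical layout, not a DaVinci export format), and uses a constructed OIDC discovery document for `idp.example.com`.

```python
from urllib.parse import urlsplit

# Constructed sample: metadata as an IdP would publish it at
# <Issuer URL>/.well-known/openid-configuration (OIDC Discovery 1.0).
DISCOVERY = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "userinfo_endpoint": "https://idp.example.com/userinfo",
    "scopes_supported": ["openid", "email", "profile"],
}
# Hypothetical mapping: connector field label -> discovery metadata key.
ENDPOINT_FIELDS = {
    "Authorization Endpoint": "authorization_endpoint",
    "Token Endpoint": "token_endpoint",
    "UserInfo Endpoint": "userinfo_endpoint",
}

def check_connector(fields, discovery):
    """Return a list of findings; an empty list means the values agree."""
    findings = []
    # The issuer must match exactly; ID token 'iss' validation depends on it.
    if fields.get("Issuer URL") != discovery["issuer"]:
        findings.append("Issuer URL differs from the published issuer")
    for label, key in ENDPOINT_FIELDS.items():
        value = fields.get(label, "")
        if urlsplit(value).scheme != "https":
            findings.append(f"{label} is not an https URL")
        elif value != discovery.get(key):
            findings.append(f"{label} differs from discovery '{key}'")
    scopes = fields.get("Scope", "").split()  # space-separated, as on this page
    if fields.get("Auth Type") == "OpenId" and "openid" not in scopes:
        findings.append("Scope lacks 'openid' although Auth Type is OpenId")
    for scope in scopes:
        if scope not in discovery.get("scopes_supported", scopes):
            findings.append(f"Scope '{scope}' is not advertised by the IdP")
    return findings

# Constructed connector values: one consistent set, one with three mistakes.
GOOD = {
    "Auth Type": "OpenId", "Issuer URL": "https://idp.example.com",
    "Authorization Endpoint": "https://idp.example.com/authorize",
    "Token Endpoint": "https://idp.example.com/token",
    "UserInfo Endpoint": "https://idp.example.com/userinfo",
    "Scope": "openid email profile",
}
BAD = {**GOOD, "Issuer URL": "https://idp.example.com/",
       "Token Endpoint": "http://idp.example.com/token",
       "Scope": "email profile"}
```

`check_connector(BAD, DISCOVERY)` reports the trailing-slash issuer, the plain-HTTP token endpoint, and the missing `openid` scope.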

Using the connector in a flow

OIDC or OAuth authentication

You can use the Sign On capability to authenticate a user with OIDC or OAuth2.

User information collection

You can use the Get User Details capability to validate an ID token.

No special configuration is needed. Add the capability and populate its properties according to the help text.

Access token management

The connector has several capabilities to manage access tokens:

  • Get Access Token (Client Credentials Grant)

  • Get Access Token (Password Credentials Grant)

Capabilities

Sign On

Properties
Sign On button
showPoweredBy toggleSwitch
skipButtonPress toggleSwitch
Output Schema
oauth2 object
accessToken string
expiresIn string

Get User Details

Properties
Sign On button
showPoweredBy toggleSwitch
skipButtonPress toggleSwitch

Get Access Token (Client Credentials Grant)

Input Schema
default object
type object
additionalProperties additionalProperties: true

Get Access Token (Password Credentials Grant)

Properties
Username textField required
Password textField required
Input Schema
default object
username string required
password string required