You can use the OIDC and OAuth IdP connector to:

  • Authenticate users with an IdP.

Setup

Resources

For information and setup help, see the following:

Configuring the OIDC and OAuth IdP connector

Add the connector in DaVinci as shown in Adding a connector, then configure it as follows.

Connector configuration

Provider Name
The name of the IdP.
Auth Type
The authorization or authentication type, such as OAuth2 or OpenId.
Redirect URL
Include this URL in your IdP configuration to allow it to redirect the browser back to DaVinci. If you use a custom PingOne domain, modify the URL accordingly.
Issuer URL
If OpenId is selected as the Auth Type, include this URL, which contains information about the IdP that can be validated.
Authorization Endpoint
The IdP endpoint, such as /rest/api/3. This endpoint is added to the base API URL selected in the connector endpoint configuration.
Token Endpoint
The IdP token endpoint, which is used to request or refresh tokens.
Token Attachment
If a token is attached, prepend its name with either bearer or token, as appropriate.
UserInfo Endpoint
The IdP endpoint, which returns information about an authenticated user.
App ID
The unique identifier for an IdP tenant.
Client Secret
The IdP secret, which the application must have to obtain a token.
Scope
The OIDC scope used during authentication to authorize access to user information. Separate scopes with a space. For example, enter openid email profile.
User Info Post Process
The code that contains information about an authenticated user using HTTP POST.
Application Return to URL
The URL that returns the user to the application after an embedded flowplayer video has played or social login authentication is complete.
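
A consistency check for the values above, as an added example that is not part of the original documentation or the product's own code: it compares the Issuer URL, Token Endpoint, UserInfo Endpoint and Scope against the IdP's OIDC discovery document. The dictionary keys, the idp.example.com host and the embedded discovery document are constructed for illustration, and the endpoint fields are assumed to hold absolute URLs.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of an IdP discovery document (/.well-known/openid-configuration).
DISCOVERY_JSON = """{
  "issuer": "https://idp.example.com",
  "authorization_endpoint": "https://idp.example.com/authorize",
  "token_endpoint": "https://idp.example.com/oauth/token",
  "userinfo_endpoint": "https://idp.example.com/userinfo",
  "scopes_supported": ["openid", "email", "profile"]
}"""

# Hypothetical key names standing in for the connector fields listed above.
CONNECTOR = {
    "issuer_url": "https://idp.example.com/",                # trailing slash
    "token_endpoint": "https://idp.example.com/oauth/token",
    "userinfo_endpoint": "http://idp.example.com/userinfo",  # plain http
    "scope": "openid email profile groups",
}


def check_connector(cfg, discovery_json):
    """Return a list of findings; an empty list means the values are consistent."""
    meta = json.loads(discovery_json)
    findings = []
    # OIDC Discovery requires an exact issuer match, so a trailing slash counts.
    if cfg["issuer_url"] != meta.get("issuer"):
        findings.append("issuer_url does not exactly match discovery 'issuer'")
    for key in ("token_endpoint", "userinfo_endpoint"):
        value = cfg[key]
        if urlsplit(value).scheme != "https":
            findings.append(f"{key} is not https")
        if value != meta.get(key):
            findings.append(f"{key} differs from discovery document")
    scopes = cfg["scope"].split()  # the Scope field is space-separated
    # Relevant when the Auth Type is OpenId: OIDC requests carry the openid scope.
    if "openid" not in scopes:
        findings.append("scope lacks 'openid', required for an OIDC request")
    unsupported = sorted(set(scopes) - set(meta.get("scopes_supported", scopes)))
    if unsupported:
        findings.append("scopes not advertised by the IdP: " + " ".join(unsupported))
    return findings


if __name__ == "__main__":
    for finding in check_connector(CONNECTOR, DISCOVERY_JSON):
        print("FINDING:", finding)
```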

Using the connector in a flow

OIDC or OAuth authentication

You can use the Sign On capability to authenticate a user with OIDC or OAuth2.

User information collection

You can use the Get User Details capability to validate an ID token.

No special flow configuration is needed. Add the capability and populate its properties according to the help text.

Access token management

The connector has several capabilities to manage access tokens:

  • Get Access Token (Client Credentials Grant)
  • Get Access Token (Password Credentials Grant)

Capabilities

Sign On

Details
Properties
Sign On button
showPoweredBy toggleSwitch
skipButtonPress toggleSwitch
Output Schema
oauth2 object
accessToken string
expiresIn string

Get User Details

Details
Properties
Sign On button
showPoweredBy toggleSwitch
skipButtonPress toggleSwitch

Get Access Token (Client Credentials Grant)

Details
Input Schema
default object
type object
additionalProperties additionalProperties: true

Get Access Token (Password Credentials Grant)

Details
Properties
Username textField required
Password textField required
Input Schema
default object
username string required
password string required