Reference13r3:Services/OAuth2/Config

From innovaphone wiki
Jump to navigation Jump to search


The OAuth2 service can be used for logging-in to myApps using a Windows password. It connects to an OpenID server, e.g. a Windows AD FS installation.

Enable
Turns the OAuth2 service on or off.
DNS name of this gateway
The DNS name of the gateway. Must be also reachable over reverse proxies, if myApps is used from outside.
OpenID well known configurations URL
OpenID installations all have a so called "well-known" configurations URL which must be configured here, e.g. https://adfs.domain.com/adfs/.well-known/openid-configuration
   The part /.well-known/openid-configuration is fixed and should always be available on your Open ID server.
Client ID
The client ID of the application group which must be configured inside your OpenID server.
Scope
a scope which is needed by some OpenID servers
  • Microsoft AD FS: leave scope empty
  • Microsoft Azure AD: use openid email as value (email doesn't seem to be always neccessary though ...)
Additional authorize URL query
additional parameters which control specific OAuth2 server settings (your string must start with an &!)
  • Microsoft AD FS: if you want to enforce a relogin on every login so that no previous session is used, you can configure &prompt=login
Redirect URI
This URI is not configurable, but must be configured inside your OpenID server. Your OpenID server will redirect to this URI after a successfull login.
upn (unique email address)
An optional mapping of the upn property inside the ID token. Some OpenID servers send a different name, e.g. email. You can open the configurations URL in your browser and check the claims_supported array.
  • Microsoft AD FS: leave field empty
  • Microsoft Azure AD: use email as value