client ID and a client secret are issued by the identity provider and used
redirect URI.
https://<serverURL>/login/oauth2/code/<registrationID>
https://<realm>.auth0.com/
https://accounts.google.com
https://<server>/auth/realms/<realm>
https://<server>/oidc/
https://auth.molgenis.org
https://connect.surfconext.nl/
ROLE_
will be added to the user's roles when they log in.
eduperson_entitlement
), that will be evaluated on the combined claims of the ID token and the response of the user info endpoint. The values in this claim will be added to the VO group table. In the Security Manager, group managers can grant roles on their group to VO group members. VO group members will be granted these group roles when they log in.
sub and email claims and ideally the given_name and family_name claims as well. These claims are requested by specifying the scopes openid,email,profile.
N.B. Only the clients that have been created in entity 'OIDC client' can be selected.
NOTE: The name of the claim used in this mapping to look up the email address is configurable in the <emailAttributeName> attribute of the 'OIDC client' entity. By default it is the
userInfoUri endpoint.
<emailAttributeName> claim
email_verified claim,
oidcClient attribute equals the OidcClient's registrationId
oidcUsername attribute equals the OpenID Connect user's sub claim
Email attribute equals the OpenID Connect user's <emailAttributeName> claim.
<usernameAttributeName> claim
The name of this claim is also configurable in the 'OIDC client' entity. The default is 'email'.
<emailAttributeName> claim
given_name claim
middle_name claim
family_name claim
sub claim
sub claim