OAUTH2/OIDC properties setup

OIDC properties

Here's where you can complete all of the OAuth2/OIDC specific settings for integration with your single-page or multi-page web application.

📘

Once you have completed all of these fields and saved your settings, you can integrate your customer interfaces using OIDC with the following options:

Client ID

The Client ID is generated automatically when you save the Application at the end of this process. It is the public identifier your application presents to Strivacity (for example, as the client_id parameter of an authorization request) so that Strivacity knows which application is asking it to perform a service such as authentication. It is not a secret and may appear in browser-visible URLs.

Client Secret

The Client Secret is generated automatically when you save the Application at the end of this process. Your application presents it to Strivacity to prove its own identity when it calls the token endpoint, so it must be kept private: store it on the server side only and never embed it in front-end code. A single-page application that runs entirely in the browser cannot keep this value confidential.

Token endpoint authentication method

This setting tells Strivacity how your application authenticates itself at the token endpoint and corresponds to the OIDC client metadata value token_endpoint_auth_method. Supported settings are "BASIC" (the Client ID and Client Secret are sent in an HTTP Basic Authorization header, i.e. client_secret_basic) and "POST" (they are sent as client_id and client_secret form fields in the request body, i.e. client_secret_post). You typically do not need to change this setting, but your OIDC client library must be configured to use the same method, otherwise token requests fail with an invalid_client error.

JWT signing method

Strivacity uses RS256 (RSASSA-PKCS1-v1_5 with SHA-256) as the default algorithm for signing the JSON Web Tokens (JWTs) it issues. RS256 is an asymmetric signature: Strivacity signs with a private key that never leaves Strivacity, and your application verifies the signature with the matching public key. When validating a token, check that the alg in the token header is the RS256 you configured rather than trusting whatever algorithm the token claims.

Allowed callback URLs

Here is where you configure the allowed callback URLs for the OIDC transaction. This corresponds to the redirect_uri that an OIDC client passes to Strivacity when a user wants to authenticate: the authorization code is delivered to this URL, so a request whose redirect_uri is not on this list must be rejected. List the exact URLs your application uses, including scheme, host, port and path, rather than broad patterns.

Allowed logout URLs

Here is where you configure the allowed logout URLs for the OIDC transaction. This corresponds to the logout_uri that an OIDC client passes to Strivacity when a user initiates a logout transaction (the equivalent parameter in OIDC RP-Initiated Logout is post_logout_redirect_uri). After the Strivacity session ends the browser is sent to this URL, so the same exact-match rule as for callback URLs applies.
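Both lists above (allowed callback URLs and allowed logout URLs) are allow lists that an authorization server compares an incoming URL against. The following is an added example, not Strivacity's matching logic, that contrasts a prefix match with the exact string match that RFC 6749 and the OAuth 2.0 Security Best Current Practice call for; the allow list and the attacker inputs are constructed for illustration.

```javascript
// Added example (not Strivacity's code): matching a redirect_uri or post-logout
// URL against a configured allow list. The list entries are assumptions.
const ALLOWED_CALLBACK_URLS = [
  "https://app.example.com/callback",
  "http://localhost:3000/callback", // development only
];

// Vulnerable: prefix matching accepts anything that merely starts with an
// allowed entry, e.g. a traversal to an open redirect, or a fragment that
// would leak the response to page scripts.
function naiveMatch(uri, allowlist) {
  return allowlist.some((allowed) => uri.startsWith(allowed));
}

// Strict: the value must parse as an absolute URL, carry no fragment
// (RFC 6749 forbids fragments in redirect URIs), and equal an entry exactly.
function isAllowedRedirect(uri, allowlist) {
  let parsed;
  try { parsed = new URL(uri); } catch { return false; }
  if (parsed.hash !== "") return false;
  return allowlist.includes(uri);
}

// Constructed inputs: one legitimate value and three that only a prefix check accepts.
const LEGIT = "https://app.example.com/callback";
const TRAVERSAL = "https://app.example.com/callback/../open-redirect?to=https://evil.example";
const FRAGMENT = "https://app.example.com/callback#token";
const QUERY = "https://app.example.com/callback?next=https://evil.example";

function compare(uri) {
  return { naive: naiveMatch(uri, ALLOWED_CALLBACK_URLS), strict: isAllowedRedirect(uri, ALLOWED_CALLBACK_URLS) };
}
```

If your application genuinely needs a query string on its callback, register the full URL including that query string rather than loosening the comparison.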

Login URL

The Login URL is a URL belonging to your brand application that can:

  • automatically initiate a login and redirect to the specific client authorization endpoint
  • pass any acr_values and login_hint GET (query) parameters it receives through to that login request

🚧

Note

The Strivacity-hosted login page is not an entry point to the customer authentication flow.

Dialects

Here is where you specify the claim dialect used by this Application, that is, which set of claim names Strivacity places in the tokens it issues. By default, the 'OpenID Connect' claim dialect is used.

Enable refresh tokens

This is a customer convenience setting that controls whether Strivacity issues refresh tokens to this Application. With refresh tokens enabled, your application can obtain fresh tokens from the token endpoint (grant_type=refresh_token) without requiring the customer to log back in. A refresh token is a long-lived credential: store it as carefully as the Client Secret and never place it in a URL.

📘

The lifetime of refresh tokens is set to 30 days by default.
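The token endpoint authentication method setting above and the refresh token setting both come down to how your application calls the token endpoint. The following is an added example, not Strivacity's code or SDK, that builds the request for both "BASIC" (client_secret_basic) and "POST" (client_secret_post) and for both the authorization-code exchange and the refresh_token grant; the endpoint URL, credentials, code and refresh token values are constructed for illustration.

```javascript
// Added example (not Strivacity's code): building token-endpoint requests for
// the two client authentication methods and the two grants an application
// uses. All endpoint and credential values below are assumptions.

// RFC 6749 section 2.3.1: for HTTP Basic, client_id and client_secret are each
// form-urlencoded before being joined with ":" and base64-encoded.
function basicAuthHeader(clientId, clientSecret) {
  const credentials = `${encodeURIComponent(clientId)}:${encodeURIComponent(clientSecret)}`;
  return `Basic ${Buffer.from(credentials, "utf8").toString("base64")}`;
}

// client: { tokenEndpoint, clientId, clientSecret, authMethod: "BASIC" | "POST" }
// grant:  { grant_type: "authorization_code", code, redirect_uri }
//      or { grant_type: "refresh_token", refresh_token }
function buildTokenRequest(client, grant) {
  const body = new URLSearchParams();
  const headers = { "Content-Type": "application/x-www-form-urlencoded" };

  if (grant.grant_type === "authorization_code") {
    body.set("grant_type", "authorization_code");
    body.set("code", grant.code);
    // Must equal the redirect_uri sent in the authorization request.
    body.set("redirect_uri", grant.redirect_uri);
  } else if (grant.grant_type === "refresh_token") {
    body.set("grant_type", "refresh_token");
    body.set("refresh_token", grant.refresh_token);
  } else {
    throw new Error(`unsupported grant_type ${grant.grant_type}`);
  }

  switch (client.authMethod) {
    case "BASIC": // client_secret_basic
      headers.Authorization = basicAuthHeader(client.clientId, client.clientSecret);
      break;
    case "POST":  // client_secret_post
      body.set("client_id", client.clientId);
      body.set("client_secret", client.clientSecret);
      break;
    default:
      throw new Error(`unsupported token_endpoint_auth_method ${client.authMethod}`);
  }
  // The secret travels in the header or the body, never in the URL.
  return { method: "POST", url: client.tokenEndpoint, headers, body: body.toString() };
}

// Constructed sample client; the secret contains ":" to show the encoding rule.
const SAMPLE_CLIENT = {
  tokenEndpoint: "https://login.brand.example/oauth2/token",
  clientId: "example-client-id",
  clientSecret: "s3cr:et",
  authMethod: "BASIC",
};
```

Send the returned request with fetch or your HTTP client of choice; the response body is the token set, and for the refresh_token grant it may contain a new refresh token that must replace the stored one.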