OIDC client (using the Journey Flow API)
An OIDC client (Journey Flow API) integrates a brand application with Strivacity authentication using OAuth2/OIDC and the Strivacity Journey Flow API. This client type enables native client experiences where authentication flows are implemented through the Journey Flow API instead of Strivacity no-code components.
You can configure this client in the Admin Console under Applications → select application → Clients → select client.
OIDC clients using the Journey Flow API include the following configuration tabs:
- General
- Application URLs
- Application launcher
- OAuth2/OIDC native
- SDK configuration
General
Use the General tab to define basic client properties.
- Name: name displayed in the client list in the Admin Console.
- Description: optional description visible only in the Admin Console.
- Enabled: enables or disables the client. Disabled clients cannot be used for authentication.
- Base organization: restricts access to users from a specific organizational hierarchy. Only users belonging to the selected base organization can authenticate through this client. See Base organizations for details.
- Danger zone: allows you to delete the client.
Deleting a client cannot be reversed.
Application URLs
Use the Application URLs tab to configure application-specific URLs used during authentication and navigation.
- Application domain: optional alternative domain for the application. Alternative domains allow the application to use a domain distinct from other applications in the instance.
By default, applications use the default domain, which is either
Changing the application domain ends active customer sessions and removes remembered accounts.
- Website URL: the brand application homepage. Customers can access this page using the Back to website button.
- Login URL: URL that initiates authentication for the application. For OAuth2/OIDC clients, this URL may include the parameters acr_values and login_hint, which are passed to the authentication request.
- Shortcut for login URL: creates a short login URL that is easier to share with customers.
- Customer-friendly login page URL: customizes the login page URL that customers see in the browser address bar. By default, the login page URL uses the first seven characters of the client ID. You can override this with a more descriptive value.
Application launcher
The Application launcher tab configures how the application appears in the self-service portal.
The application launcher allows customers to access their applications directly from their accounts. Before application shortcuts can appear, the launcher must be enabled.
- Enable application launcher: enables the application launcher for the application. When enabled:
- shortcuts for other applications may appear in the portal
- the current application becomes available as a shortcut
- Display name: label displayed for the application shortcut.
- Logo URL: URL of the logo displayed for the application shortcut.
Supported formats: SVG and PNG.
OAuth2/OIDC
The OAuth2/OIDC tab contains the OpenID Connect configuration for the client. These settings define how the application authenticates with Strivacity and how tokens are issued.
For a complete description of OAuth2/OIDC configuration options, see OAuth2/OIDC properties setup.
SDK configuration
The SDK configuration tab defines settings used by Strivacity SDK integrations for native and web applications.
- Entry URL: URL used by native clients to handle email-initiated flows such as password reset and account activation. For mobile applications, the same URL must also be configured for deep linking on both iOS and Android.
Web configuration
Use this section to define trusted origins (domains) allowed to perform WebAuthN and Passkey authentication. These domains are also used to whitelist origins for CORS.
- URL: trusted domain used for WebAuthN and Passkey authentication and added to the CORS allow list. Use Add URL to add additional trusted domains.
Automatic CORS configuration
Origins configured in Web configuration are automatically used as the allow list for CORS.
When a request originates from one of the configured domains, Strivacity includes the appropriate CORS headers in the response. This allows browser-based clients hosted on those domains to interact with Strivacity APIs.
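Because each Web configuration entry is trusted for both WebAuthN/Passkey authentication and CORS, it is worth auditing entries before adding them. The following is an added example, not Strivacity code: the function names and sample origins are hypothetical, and exact origin matching is an assumption about how an allow list should behave, not a description of Strivacity's implementation.

```javascript
// Added example: pre-flight audit of entries intended for the trusted-origin list.
// All sample values are constructed; function names are hypothetical.

// Normalize one entry to a browser origin and collect findings.
function auditOrigin(entry) {
  if (entry.includes('*')) {
    return { origin: null, findings: ['wildcard: an entry must name exactly one origin'] };
  }
  let url;
  try { url = new URL(entry); } catch { return { origin: null, findings: ['not a parseable URL'] }; }
  const findings = [];
  const local = url.hostname === 'localhost' || url.hostname === '127.0.0.1';
  if (url.protocol !== 'https:' && !local) findings.push('not https');
  if (url.username || url.password) findings.push('embedded credentials');
  if (url.pathname !== '/' || url.search || url.hash) {
    findings.push('path/query/fragment is not part of an origin');
  }
  if (local) findings.push('loopback origin: development only');
  return { origin: url.origin, findings };
}

// Keep only entries that normalize cleanly, de-duplicated.
function buildAllowList(entries) {
  const clean = entries.map(auditOrigin)
    .filter(r => r.origin && r.findings.length === 0)
    .map(r => r.origin);
  return [...new Set(clean)];
}

// Exact comparison of the request's Origin against the list (assumed behaviour).
// No suffix or prefix matching, so lookalike hosts never match.
function isAllowed(requestOrigin, allowList) {
  let origin;
  try { origin = new URL(requestOrigin).origin; } catch { return false; }
  return allowList.includes(origin);
}

const candidates = [ // constructed sample input
  'https://app.example.com',
  'https://APP.example.com:443/',   // same origin after normalization
  'http://shop.example.com',        // rejected: not https
  'https://*.example.com',          // rejected: wildcard
  'https://app.example.com/login',  // rejected: contains a path
];
const allowList = buildAllowList(candidates);
for (const c of candidates) console.log(c, auditOrigin(c).findings);
console.log('allow list:', allowList);
console.log(isAllowed('https://app.example.com.lookalike.test', allowList));
```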
Android configuration
Use this section to register native Android applications.
Android applications are registered by providing the application package name and cryptographic fingerprints used for origin validation.
Select Add Android app to add a new Android application.
iOS configuration
Use this section to register native iOS applications.
iOS applications are registered using the Apple app team ID and bundle identifier.
Select Add iOS app to add a new iOS application.
