OIDC support
Strivacity supports all standard OIDC flows.
- Authorization Code Flow - This flow can be used by Single/Multi Page Applications that have access to a backend component that can be used to securely retrieve an id_token. This is the recommended flow for authenticating users.
- Implicit Flow - This flow can be used by Single/Multi Page Applications that don't have access to a backend component.
- Hybrid Flow - This flow is a combination of implicit and authorization code flows, as both an id_token and authorization code are returned by Strivacity.
- Client Credentials Flow - This flow is typically used for Machine-to-Machine (M2M) communications. With Strivacity, this flow can be used to obtain access to any Strivacity REST APIs.
The OAuth2/OIDC settings appear as a tab when creating and editing OIDC clients.
Well known URLs
Here's a list of well-known URLs for your Strivacity instance:
| Name | URL |
|---|---|
| Well-known OIDC configuration | /.well-known/openid-configuration |
| Authorization endpoint | /oauth2/auth |
| Token endpoint | /oauth2/token |
| User info endpoint | /userinfo |
| Revocation endpoint | /oauth2/revoke |
| Logout URL | /oauth2/sessions/logout |
Error handling
Here, you will find a table that helps you understand the various error codes that Strivacity may return to your application during an OIDC Flow.
These error codes are returned to your application via a URL that looks something like this:
https://REDIRECTION_URI?error=<error>&error_description=<description>
| Error code | Description |
|---|---|
| access_denied | Strivacity denied the login request |
| invalid_client | Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method) |
| invalid_grant | The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client |
| invalid_request | The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed |
| invalid_scope | The requested scope is invalid, unknown, or malformed |
| registration_denied | Strivacity denied the registration request |
| request_forbidden | Strivacity denied the request because the session cookie was not present or was malformed |
| server_error | Strivacity encountered an unexpected condition that prevented it from fulfilling the request |
| temporarily_unavailable | Strivacity is currently unable to handle the request due to a temporary overloading or maintenance |
| unauthorized_client | The authenticated client is not authorized to use this authorization grant type |
| unsupported_grant_type | The authorization grant type is not supported by Strivacity |
| unsupported_response_type | Strivacity does not support obtaining an authorization code using this method |
Updated 5 months ago