OIDCAuthProviderConfig interface

The [OIDC](https://openid.net/specs/openid-connect-core-1_0-final.html) Auth provider configuration interface. An OIDC provider can be created viaBaseAuth.createProviderConfig().

Signature:

exportinterfaceOIDCAuthProviderConfigextendsBaseAuthProviderConfig

Extends:BaseAuthProviderConfig

Properties

PropertyTypeDescription
clientIdstringThis is the required client ID used to confirm the audience of an OIDC provider's [ID token](https://openid.net/specs/openid-connect-core-1_0-final.html#IDToken).
clientSecretstringThe OIDC provider's client secret to enable OIDC code flow.
issuerstringThis is the required provider issuer used to match the provider issuer of the ID token and to determine the corresponding OIDC discovery document, eg. [/.well-known/openid-configuration](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig). This is needed for the following:
  • To verify the provided issuer.
  • Determine the authentication/authorization endpoint during the OAuthid_token authentication flow.
  • To retrieve the public signing keys viajwks_uri to verify the OIDC provider's ID token's signature.
  • To determine the claims_supported to construct the user attributes to be returned in the additional user info response.
ID token validation will be performed as defined in the [spec](https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation).
responseTypeOAuthResponseTypeThe OIDC provider's response object for OAuth authorization flow.

OIDCAuthProviderConfig.clientId

This is the required client ID used to confirm the audience of an OIDC provider's [ID token](https://openid.net/specs/openid-connect-core-1_0-final.html#IDToken).

Signature:

clientId:string;

OIDCAuthProviderConfig.clientSecret

The OIDC provider's client secret to enable OIDC code flow.

Signature:

clientSecret?:string;

OIDCAuthProviderConfig.issuer

This is the required provider issuer used to match the provider issuer of the ID token and to determine the corresponding OIDC discovery document, eg. [/.well-known/openid-configuration](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig). This is needed for the following:

  • To verify the provided issuer.
  • Determine the authentication/authorization endpoint during the OAuthid_token authentication flow.
  • To retrieve the public signing keys viajwks_uri to verify the OIDC provider's ID token's signature.
  • To determine the claims_supported to construct the user attributes to be returned in the additional user info response.
ID token validation will be performed as defined in the [spec](https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation).

Signature:

issuer:string;

OIDCAuthProviderConfig.responseType

The OIDC provider's response object for OAuth authorization flow.

Signature:

responseType?:OAuthResponseType;

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2022-07-29 UTC.