Hub 2019.1 Help

OpenID Connect

According to the OpenID Specification, OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It enables Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.

In Hub 2017.2, we supported OpenID Connect protocol. You can now use your Hub service as the OpenID Provider for your web-applications.

Hub OpenID Connect Endpoint

Hub supports auto-discovery for the OpenID Connect. Thus, OpenID Connect Endpoint for your Hub service is as follows:

<Hub Service BaseURL>/.well-known/openid-configuration

If your client service does not support auto-discovery, then use the following endpoints for your Hub as the OpenID Connect provider:

End-point type

End-point URL

Authorization endpoint

<Hub Service BaseURL>/api/rest/oauth2/auth

Token endpoint

<Hub Service BaseURL>/api/rest/oauth2/token

User info endpoint

<Hub Service BaseURL>/api/rest/oauth2/userinfo

JWKS endpoint

<Hub Service BaseURL>/api/rest/oauth2/keys

General Configuration

To use Hub as an OpenID Connect Provider

  1. In your client service, provide the endpoint of the Hub service.

  2. Register your client service in Hub:

    • On the Services page, click the New service... button.

    • In the dialog, enter a name for your service and its URL. Then click the Create button. The new service is created.

    • On the Settings page of the new service, provide the Redirect URIs to which Hub should redirect a user.

Last modified: 17 February 2020