Hub 2017.3 Help

OpenID Connect

According to the OpenID Specification, OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It enables Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.

In Hub 2017.2, we supported OpenID Connect protocol. You can now use your Hub service as the OpenID Provider for your web-applications.

Hub OpenID Connect Endpoint

Hub supports auto-discovery for the OpenID Connect. Thus, OpenID Connect Endpoint for your Hub service is as follows:

<Hub Service BaseURL>/.well-known/openid-configuration

If your client service does not support auto-discovery, then use the following endpoints for your Hub as the OpenID Connect provider:

End-point typeEnd-point URL
Authorization endpoint<Hub Service BaseURL>/api/rest/oauth2/auth
Token endpoint<Hub Service BaseURL>/api/rest/oauth2/token
User info endpoint<Hub Service BaseURL>/api/rest/oauth2/userinfo
JWKS endpoint<Hub Service BaseURL>/api/rest/oauth2/keys

General Configuration

To use Hub as an OpenID Connect Provider

  1. In your client service, provide the endpoint of the Hub service.
  2. Register your client service in Hub:
    1. On the Services page, click the New service... button.
    2. In the dialog, enter a name for your service and its URL. Then click the Create button. The new service is created.
    3. On the Settings page of the new service, provide the Redirect URIs to which Hub should redirect a user.
Last modified: 25 September 2017