OpenID Connect
Every SSO provider is a little bit different. Please contact us with any questions!
Check the "scopes" configuration of your authorization server, and verify there is a scope called groups. If not, add a scope named groups.
Field | Value |
---|---|
Allowed grant types | Authorization Code |
Login redirect URIs | TBD - provided by Appetize.io |
Initiate login URI | TBD - provided by Appetize.io |
We will need to configure your SSO provider to send over the user's group assignments after a successful login.
The following example shows how to pass through groups with prefix appetize_* as a groups claim within OKTA. This can be done by adding the groups claim to your authorization server at API -> Authorization Servers. For some OKTA clients, this can also be done under the "Sign On" section in your app's configuration, where you can add groups the same way.
1. We will need the "Client ID" and "Client secret" for the app you just created.
2. We will also need your Metadata URI, often called "Discovery URL". For example: https://dev-548472.oktapreview.com/oauth2/default/.well-known/oauth-authorization-server
In OKTA, this is available in Security -> API -> Authorization servers -> Choose Server.
If the metadata endpoint is not available, you may also specify the required fields below:
authorization_endpoint
token_endpoint
userinfo_endpoint
jwks_uri
issuer
introspection_endpoint
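
Before handing these values over, the metadata can be checked locally. The following is an added example (not Appetize.io's or OKTA's code): it verifies that the fields listed above are present and use https, that the issuer is the one expected, that a groups scope is offered, and it filters a decoded token's groups claim by the appetize_ prefix. The host idp.example.com, the function names and all sample values are constructed assumptions.

```python
import json
from urllib.parse import urlparse

# Fields the page asks for when no metadata endpoint is available.
REQUIRED_FIELDS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint",
                   "jwks_uri", "issuer", "introspection_endpoint")

def check_metadata(doc, expected_issuer):
    """Return a list of problems in an authorization server metadata document."""
    problems = []
    for field in REQUIRED_FIELDS:
        value = doc.get(field)
        if not isinstance(value, str) or not value:
            problems.append(f"missing field: {field}")
        elif urlparse(value).scheme != "https":
            problems.append(f"not an https URL: {field}")
    # The issuer in the document must be exactly the one you expect to trust.
    if isinstance(doc.get("issuer"), str) and doc["issuer"] != expected_issuer:
        problems.append("issuer mismatch")
    # scopes_supported is the standard metadata field listing offered scopes.
    if "groups" not in doc.get("scopes_supported", []):
        problems.append("scope not offered: groups")
    return problems

def prefixed_groups(claims, prefix="appetize_"):
    """Return groups claim entries with the prefix used in the page's example."""
    groups = claims.get("groups", [])
    if isinstance(groups, str):  # tolerate a single group sent as a plain string
        groups = [groups]
    return [g for g in groups if isinstance(g, str) and g.startswith(prefix)]

# Constructed sample data: idp.example.com and all values below are placeholders.
ISSUER = "https://idp.example.com/oauth2/default"
GOOD = json.loads("""{
  "issuer": "https://idp.example.com/oauth2/default",
  "authorization_endpoint": "https://idp.example.com/oauth2/default/v1/authorize",
  "token_endpoint": "https://idp.example.com/oauth2/default/v1/token",
  "userinfo_endpoint": "https://idp.example.com/oauth2/default/v1/userinfo",
  "jwks_uri": "https://idp.example.com/oauth2/default/v1/keys",
  "introspection_endpoint": "https://idp.example.com/oauth2/default/v1/introspect",
  "scopes_supported": ["openid", "profile", "email", "groups"]
}""")
# Same server before the groups scope was added and with one plain-http endpoint.
BAD = dict(GOOD, scopes_supported=["openid"], token_endpoint="http://idp.example.com/token")
BAD.pop("introspection_endpoint")
CLAIMS = {"sub": "00u-constructed", "groups": ["appetize_admins", "Everyone", "appetize_qa"]}

if __name__ == "__main__":
    print(check_metadata(GOOD, ISSUER))
    print(check_metadata(BAD, ISSUER))
    print(prefixed_groups(CLAIMS))
```

An empty list from `check_metadata` means the document carries everything the page asks for; the claims passed to `prefixed_groups` are assumed to come from a token whose signature has already been verified.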