Prerequisites:
- SSL certificate for the OAuth provider.
- OAuth consumers (the websites that can log in)
This is only an Identity and Authentication setup, no Authorization (a.k.a. no roles are assigned).

Note: Use the dev variants of the modules listed below due to implementation issues.

Setup on Provider:
- SSL Website
- Modules: oauth2_server, openid_connect_sso
- Config:
-- admin/structure/oauth2-servers =>
{
  "name" : "main",
  "label" : "Main",
  "settings" : {
    "enforce_state" : true,
    "default_scope" : "basic",
    "allow_implicit" : 0,
    "use_openid_connect" : 1,
    "use_crypto_tokens" : 0,
    "grant_types" : {
      "authorization_code" : "authorization_code",
      "client_credentials" : "client_credentials",
      "refresh_token" : "refresh_token",
      "password" : "password",
      "urn:ietf:params:oauth:grant-type:jwt-bearer" : 0
    },
    "always_issue_new_refresh_token" : 1,
    "unset_refresh_token_after_use" : 1,
    "access_lifetime" : "3600",
    "id_lifetime" : "3600",
    "refresh_token_lifetime" : "1209600",
    "require_exact_redirect_uri" : 0
  },
  "scopes" : [
    { "name" : "openid", "description" : "Know who you are on oauth-provider.040lab.com" },
    { "name" : "offline_access", "description" : "Access the API when you\u0027re not present." },
    { "name" : "email", "description" : "View your email address." },
    { "name" : "profile", "description" : "View basic information about your account." },
    { "name" : "basic", "description" : "Default Basic" }
  ]
}
-- Config: admin/structure/oauth2-servers/manage/main/clients
// Client form fields and their values
array(
  'label' => "OpenId",
  'Client ID' => "040lab_user",
  'Require a client secret' => true,
  'Client secret' => "ItsPeanuteButterYellieTime",
  'Redirect URIs' => "https://oauth-provider.040lab.com/openid-connect/generic",
);
And on the Clients you get:
- Config: admin/config/services/openid-connect
// OpenID Connect client form fields and their values
array(
  'generic' => true,
  'Client ID' => "040lab_user",
  'Client secret' => "ItsPeanuteButterYellieTime",
  'Authorization endpoint' => "https://oauth-provider.040lab.com/oauth2/authorize",
  'Token endpoint' => "https://oauth-provider.040lab.com/oauth2/token",
  'UserInfo endpoint' => "https://oauth-provider.040lab.com/oauth2/UserInfo",
  'Save user claims on every login' => true,
);
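
Added example (not part of the original notes and not code from the oauth2_server module): a small check over the provider's server export that lists the options looser than a login-only setup needs, and produces a tightened copy. The embedded JSON is constructed from the settings shown above; the set of grants needed for login and the helper names is_on, audit and harden are assumptions.

```python
import json

# Constructed input: the "settings" object of the server export above (scopes omitted).
SERVER_EXPORT = """
{"name": "main", "settings": {
  "enforce_state": true, "allow_implicit": 0, "use_openid_connect": 1,
  "grant_types": {"authorization_code": "authorization_code",
                  "client_credentials": "client_credentials",
                  "refresh_token": "refresh_token", "password": "password",
                  "urn:ietf:params:oauth:grant-type:jwt-bearer": 0},
  "require_exact_redirect_uri": 0}}
"""

# Assumption: a browser login via OpenID Connect needs only these two grants.
LOGIN_GRANTS = {"authorization_code", "refresh_token"}

def is_on(value):
    # The export stores a set checkbox as true, 1 or the option name, an unset one as 0.
    return value not in (0, "0", "", None, False)

def audit(settings):
    """Return (setting, reason) pairs for options looser than a login-only setup needs."""
    findings = []
    if not is_on(settings.get("enforce_state")):
        findings.append(("enforce_state", "requests without a state value are accepted"))
    if is_on(settings.get("allow_implicit")):
        findings.append(("allow_implicit", "tokens are returned in the redirect URL"))
    if not is_on(settings.get("require_exact_redirect_uri")):
        findings.append(("require_exact_redirect_uri",
                         "redirect URIs are not compared exactly with the registered one"))
    grants = settings.get("grant_types", {})
    for grant in sorted(g for g, v in grants.items() if is_on(v)):
        if grant not in LOGIN_GRANTS:
            findings.append(("grant_types." + grant, "grant not used by the login flow"))
    return findings

def harden(settings):
    """Return a copy with the reported options tightened; other keys are untouched."""
    fixed = json.loads(json.dumps(settings))  # deep copy via a JSON round trip
    fixed.update(enforce_state=True, allow_implicit=0, require_exact_redirect_uri=1)
    fixed["grant_types"] = {g: (g if g in LOGIN_GRANTS and is_on(v) else 0)
                            for g, v in fixed.get("grant_types", {}).items()}
    return fixed

if __name__ == "__main__":
    current = json.loads(SERVER_EXPORT)["settings"]
    print(audit(current), audit(harden(current)), sep="\n")
```

With exact redirect matching switched on, the Redirect URIs value registered for the client has to match what the consumer site sends character for character.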