Commit a7a108e

Merge branch 'MvM-OIDCProvider' of https://github.com/mendix/docs into MvM-OIDCProvider
2 parents f03f1c9 + e3fb78a commit a7a108e

1 file changed: +5 -7 lines changed

content/en/docs/appstore/modules/oidc-provider.md

Lines changed: 5 additions & 7 deletions
@@ -49,7 +49,6 @@ The OIDC Provider has the following features and limitations:
4949
* The hybrid resource owner password credentials, and client credential grants are not supported, although the OIDC Provider may contain some (rudimentary) implementation to support them.
5050
* The OIDC Provider module ignores "email", "phone" and "profile" scope values (as specified by OIDC specs) when the client includes these in a authentication request . Instead, the OIDC Provider module will include user claims in an ID-token based on a custom microflow, regardless of the scopes in the request.
5151
* Front channel and back-channel logout are implemented as alpha features.
52-
* The current implementation of setting custom claims in the generated ID-tokens is not working properly in this release as the custom attribute names that you would define is incorrectly set in the ID-token. If you want to set custom claims, you will have to customize the OIDC Provider module.
5352

5453
### 1.3 Dependencies
5554
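
Review bot: No release is named for the custom-claims fix implied by deleting the bullet at old line 52. The deleted text was scoped to "this release", so readers still running that release lose the warning that custom attribute names are set incorrectly in the ID-token; keep the bullet with a version qualifier, or point to the release notes entry for the fix. While here, the context bullet at line 50 has "a authentication request ." which should read "an authentication request."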

@@ -125,7 +124,7 @@ The rest of the configuration can be performed through the app.
125124
1. Open the **Scopes** tab.
126125
1. Create **New** scopes with the **Scope type** set to **Standard**.
127126

128-
This page sets up a single list of all the scopes that are known to the OIDC Provider module. For each client, you can then choose the scopes used by that specific client.
127+
This page sets up a single list of all the scopes that are known to the OIDC Provider module. For each client, you can then choose the scopes used by that specific client. See [Configuring Centralized Authorization](#configuring-authorization) for more information on what scopes you should set.
129128

130129
1. Open the **Clients** tab.
131130
1. Click **New Client Registration**.
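
Review bot: The link target `#configuring-authorization` on new line 127 does not match its link text, "Configuring Centralized Authorization", and the heading it points to is not visible in this diff. Confirm that a heading with exactly that anchor exists on the page; otherwise the link goes nowhere and readers miss the guidance on which scopes to set.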
@@ -151,8 +150,8 @@ To check that this works, you will need a tool for testing APIs (such as [Postma
151150
"redirect_uris" : [ http://localhost:8081/oauth/v2/callback ],
152151
"backchannel_logout_uri" : http://localhost:8081/logout,
153152
"post_logout_redirect_uris" : [http://localhost:8081/logout],
154-
"grant_types": [ "authorization_code","password" ],
155-
"scope": "openid"
153+
"grant_types": [ "authorization_code" ],
154+
"scope": "User"
156155
}
157156
```
158157
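
Review bot: The example scope on new line 154 changes from `openid` to `User` without saying what `User` is or where it is defined. An OIDC authentication request must carry the `openid` scope, so state whether the client still sends it at authorization time, and link `User` to the scope created on the Scopes tab. Dropping `password` from `grant_types` is consistent with the limitation listed earlier that the password grant is not supported. Separately, context lines 150 to 152 show unquoted URLs (for example `"backchannel_logout_uri" : http://localhost:8081/logout,`), which is not valid JSON and will be rejected if pasted into an API testing tool as is.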

@@ -165,10 +164,9 @@ To check that this works, you will need a tool for testing APIs (such as [Postma
165164
],
166165
"grant_types": [
167166
"authorization_code",
168-
"password"
169167
],
170168
"client_secret_expires_at": 0,
171-
"scope": "openid",
169+
"scope": "User",
172170
"client_secret": "ClientSecret",
173171
"redirect_uris": [
174172
"http://localhost:8081/oauth/v2/callback"
@@ -269,7 +267,7 @@ Some examples of existing claims are:
269267

270268
If the claim with ‘scope’ is created, the scope value in access token and id-token gets overwritten with the claim value
271269

272-
* …..aud
270+
* aud
273271
* sub
274272
* iss
275273
* name
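
Review bot: The sentence on new line 268 about a `scope` claim overwriting the scope value in the access token and ID-token sits directly above the claim list with no terminal period, so it reads as if `aud`, `sub`, `iss` and `name` were governed by it. The hunk header introduces the list as "Some examples of existing claims are:", so move the overwrite sentence below the list or set it off as a note, and state plainly that it changes the scope value carried in the issued tokens. The `aud` fix on new line 270 looks right.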
