OIDC SSO: endpoints #9654

Open: wants to merge 2 commits into base: development

Karuna-Mendix (Collaborator)

Karuna-Mendix self-assigned this Jun 10, 2025

* `post_logout_redirect`: The URL to which users are redirected after they successfully log out from the application. This helps ensure a seamless user experience by taking them to a predefined page after logout.
* `redirect_uri`: The callback URL that receives the authorization response from the IdP after the user successfully authenticates. This endpoint processes the returned authorization code or token to complete the login process.
For example, `https://<YOUR_APP_URL>/oauth/v2/callback`.
* `/.well-known/openid_configuration`: A standardized URL exposed by the IdP to initiate OAuth2 authorization.
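
Review bot: The last bullet spells the path `/.well-known/openid_configuration`, but OpenID Connect Discovery defines it as `/.well-known/openid-configuration` (hyphen, not underscore), so the URL as written will not be found on a standards-compliant IdP. The description in the same bullet also needs changing: this URL does not initiate OAuth2 authorization, it returns the provider's metadata document that lists the other endpoints, such as `jwks_uri` and `end_session_endpoint`. For the `redirect_uri` and `post_logout_redirect` bullets, consider stating that both values must match what is registered for the client at the IdP.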

I like the explanation that Copilot gives me better:

"In the OIDC (OpenID Connect) protocol, the .well-known endpoint provides a standardized URL where clients can retrieve the OpenID Provider's configuration metadata, enabling dynamic discovery of important endpoints and capabilities."

* `jwks_uri`: URL exposing the JSON Web Key Set (JWKS), which contains the public keys used to validate token signatures.
* `introspection_endpoint` (optional): An endpoint provided by the IdP to validate or introspect tokens (optional, depending on the IdP).
* `end_session_endpoint`: Used to initiate logout at the IdP. This endpoint ensures that the user is logged out from both the Mendix app and the IdP, effectively terminating the entire SSO session.
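
Review bot: The `introspection_endpoint` bullet says "optional" twice, once in parentheses after the name and again at the end of the sentence; keep one, for example by ending the sentence at "introspect tokens" and changing the first marker to "(optional, depending on the IdP)". In the `end_session_endpoint` bullet, "ensures that the user is logged out from both" is stronger than what the endpoint provides, since the IdP session only ends when the app actually sends the user there; suggest wording such as "lets the app also end the session at the IdP" and pointing to `post_logout_redirect` as the place the user lands afterwards.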

Can we add some explanation, like:

"If you have a firewall between your application and your IdP, please make sure it's properly configured for the consumption of these endpoints".

Or maybe we should add this to the troubleshooting section.
"9.7 Endpoints cannot be reached.
This may be caused by wrong configuration of your firewall. If you have a firewall between your application and your IdP, please make sure it's properly configured for the consumption of these endpoints".
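
As an added example (not part of this pull request or of the Mendix documentation), the Python below takes a discovery document like the one served at the `.well-known` URL and works out which IdP hosts and ports the application server must reach through a firewall, separately from those only the user's browser visits. It assumes the authorization code flow; the sample metadata and its host names are constructed.

```python
import json
from urllib.parse import urlsplit

# Constructed discovery document; host names are placeholders.
SAMPLE_METADATA = json.loads("""{
  "issuer": "https://idp.example.com",
  "authorization_endpoint": "https://login.example.com/authorize",
  "token_endpoint": "https://idp.example.com/oauth/token",
  "jwks_uri": "https://keys.example.com:8443/jwks.json",
  "introspection_endpoint": "https://idp.example.com/oauth/introspect",
  "end_session_endpoint": "https://login.example.com/logout"
}""")

# Assumption: authorization code flow. The application server calls these
# directly, so a firewall between app and IdP must allow them outbound.
SERVER_SIDE = ("token_endpoint", "userinfo_endpoint", "jwks_uri",
               "introspection_endpoint")
# The user's browser is redirected to these; the app server never calls them.
BROWSER_SIDE = ("authorization_endpoint", "end_session_endpoint")


def host_port(url):
    """Return (host, port) of an https URL and reject anything else."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"endpoint is not an https URL: {url!r}")
    return parts.hostname, parts.port or 443


def firewall_plan(metadata):
    """Return (egress rules for the app server, hosts only the browser needs)."""
    # The discovery document itself is fetched from under the issuer URL.
    egress = {host_port(metadata["issuer"])}
    for name in SERVER_SIDE:
        if name in metadata:  # optional endpoints may be absent
            egress.add(host_port(metadata[name]))
    browser = {host_port(metadata[n]) for n in BROWSER_SIDE if n in metadata}
    return sorted(egress), sorted(browser - egress)


if __name__ == "__main__":
    egress, browser_only = firewall_plan(SAMPLE_METADATA)
    print("allow outbound from app server:", egress)
    print("reached by the browser only:", browser_only)
```

A `jwks_uri` on its own host and port, as in the sample, is the kind of entry that is easy to miss when only the issuer host is allowed.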
