OAuth

The OAuth authentication plugin lets Web UI users be authenticated by an external system that supports the OAuth 2.0 protocol.

Once an OAuth provider has been added and configured, the web UI login page lets users click on the provider's name to start authentication via that third-party system.

OAuth is enabled and controlled through the Service Providers table in the global settings of the OAuth plugin. It has the following fields:

  • Provider. Unique user-defined ID of the service provider.

  • Description. Description of the provider that will be shown on the web UI login page. Clicking on the provider description starts the OAuth-backed authentication process via the selected provider.

  • Settings. Settings for this service provider:

Protected Resource URL

OAuth request URL, i.e. the URL of the provider's endpoint that returns information about the user being authenticated. It is called with the access token obtained from the Access Token Endpoint.

Client ID

Provider's client ID received from a third-party system.

Client Secret

Provider's client secret (client password) received from the third-party system. Treat it as a credential: anyone holding it can present themselves to the authorization server as this Iotellect Server.

Public Key

Public key registered with the authorization server. Used when retrieving or verifying access tokens.

Access Token Endpoint

URL of the provider's token endpoint, to which access token requests are sent.

Authorization URL

URL of the provider's authorization page to which the user's browser is redirected during the OAuth authorization process.

Logout Token Endpoint

URL of the provider's endpoint that lets Iotellect Server notify the authorization server that a previously obtained refresh or access token is no longer needed (token revocation).

Scope

OAuth scope requested from the provider. It is only required by some APIs; when set, it limits what the issued access token can be used for.

Callback URL

The OAuth callback URL is the address to which the authorization server redirects the user after successful authentication.

It must consist of the valid host name of the Iotellect Server followed by /wd?provider=provider_id, where provider_id is the value of the Provider field. The same URL has to be registered as the redirect URI with the authorization server; most providers require an exact match and reject a callback that differs even in scheme or trailing characters.
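The following block is an added example showing how the fields above (Client ID, Client Secret, Authorization URL, Access Token Endpoint, Scope and Callback URL) combine into one authorization-code flow. It is not Iotellect's code: the provider record, the host names and the use of a state parameter to bind the callback to the login attempt are assumptions made for illustration.

```python
"""Added example: an OAuth 2.0 authorization-code exchange assembled from the
Service Providers table fields. Not Iotellect Server code; all values below are
constructed for illustration."""
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed provider record mirroring the fields of the Service Providers table.
PROVIDER = {
    "provider": "corp-idp",                       # Provider (unique user-defined ID)
    "client_id": "iotellect-web",                 # Client ID
    "client_secret": "change-me",                 # Client Secret (constructed)
    "authorization_url": "https://idp.example.com/oauth2/authorize",
    "access_token_endpoint": "https://idp.example.com/oauth2/token",
    "protected_resource_url": "https://idp.example.com/userinfo",
    "scope": "openid profile",
    "callback_url": "https://iotellect.example.com/wd?provider=corp-idp",
}


def callback_url_for(server_host: str, provider_id: str) -> str:
    """Build the Callback URL the page requires: server host followed by /wd?provider=<id>."""
    return f"https://{server_host}/wd?" + urlencode({"provider": provider_id})


def build_authorization_url(p: dict, state: str) -> str:
    """URL the browser is sent to when the user clicks the provider on the login page."""
    params = {
        "response_type": "code",
        "client_id": p["client_id"],
        "redirect_uri": p["callback_url"],   # must equal the URI registered at the provider
        "state": state,                      # assumption: random per-login value, kept server-side
    }
    if p.get("scope"):
        params["scope"] = p["scope"]         # Scope is optional; only some APIs need it
    return p["authorization_url"] + "?" + urlencode(params)


def parse_callback(p: dict, url: str, expected_state: str) -> str:
    """Validate the redirect back to /wd?provider=... and return the authorization code.

    Rejects a callback that names another provider, carries a wrong or missing
    state (CSRF or replayed callback), or reports an error from the provider."""
    q = parse_qs(urlparse(url).query)
    if q.get("provider") != [p["provider"]]:
        raise ValueError("callback for an unknown provider")
    if not secrets.compare_digest(q.get("state", [""])[0], expected_state):
        raise ValueError("state mismatch: possible CSRF or replayed callback")
    if "error" in q:
        raise ValueError(f"provider returned error: {q['error'][0]}")
    if "code" not in q:
        raise ValueError("callback carries no authorization code")
    return q["code"][0]


def build_token_request(p: dict, code: str) -> dict:
    """Form body of the POST to the Access Token Endpoint.

    redirect_uri must repeat the Callback URL; the server uses it to confirm the
    code was issued for this client and redirect target."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": p["callback_url"],
        "client_id": p["client_id"],
        "client_secret": p["client_secret"],
    }


if __name__ == "__main__":
    state = secrets.token_urlsafe(16)
    print(build_authorization_url(PROVIDER, state))
    # Constructed callback as the browser would deliver it after login at the provider.
    code = parse_callback(PROVIDER, PROVIDER["callback_url"] + f"&code=SplxlOBeZQQYbYS6WxSbIA&state={state}", state)
    print(build_token_request(PROVIDER, code))
```

The access token returned by the token endpoint is then presented to the Protected Resource URL to fetch the user information compared against the Identifying Token Parameter.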

Identifying Token Parameter

Name of the Identifying Token's parameter whose value will be compared to either:

  • The Iotellect Server user property named by User Identifying Field, in order to find the local user account to authenticate, if User Identifying Field is set.

  • The result of evaluating the User Identifying Expression for each user, if User Identifying Field is empty.

If there is an exact match, the user is granted access; otherwise the user is not authenticated. The comparison is exact (including character case), so a token value of Alice@example.com does not match a user property holding alice@example.com.

Use Open ID

Enables OpenID Connect on top of OAuth 2.0, so that the provider also returns an ID token describing the authenticated user. OpenID Connect is commonly used for Single Sign-On (SSO) scenarios, where a user logs in once at the OpenID provider and then accesses multiple other applications (relying parties) without having to log in again.

User Context Field Mapping

Each row creates a mapping between a variable in the user context (the User Context Fields column) and an identity element (claim) returned in the ID token (the ID Token Fields column). Claims absent from a given ID token leave the corresponding context variable unset.

User Identifying Field

Iotellect Server user property whose value will be compared to the Identifying Token Parameter to find the local user account to authenticate. If left blank, the result of the User Identifying Expression is used instead.

User Identifying Expression

The expression is evaluated once for each user in Iotellect, with that user as the default context. If the result of one of these evaluations is exactly equal to the value of the Identifying Token Parameter, that user is granted access.
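The block below is an added example of the identity-matching rules described under Identifying Token Parameter, User Identifying Field, User Identifying Expression and User Context Field Mapping. It is not Iotellect's code: the ID token claims and local user accounts are constructed, Python str.format over the user's properties stands in for the Iotellect expression language, and refusing an ambiguous match (two local accounts with the same identifying value) is this example's choice, not documented plugin behaviour.

```python
"""Added example: matching an OAuth/OpenID identity to a local user account.
Not Iotellect Server code; data and the expression stand-in are constructed."""

# Constructed ID token payload (claims) as an OpenID Connect provider would return it.
ID_TOKEN = {
    "sub": "a1b2c3",
    "preferred_username": "alice",
    "email": "alice@example.com",
    "given_name": "Alice",
}

# Constructed local user accounts with their user properties.
USERS = [
    {"name": "alice",     "email": "alice@example.com", "firstname": "alice"},
    {"name": "alice.old", "email": "alice@example.com", "firstname": "alice"},
    {"name": "bob",       "email": "bob@example.com",   "firstname": "Bob"},
]


def match_by_field(users, token_value, field):
    """User Identifying Field: compare the named user property to the token value."""
    return [u for u in users if u.get(field) == token_value]


def match_by_expression(users, token_value, expression):
    """User Identifying Expression: evaluate the expression per user (user = context).

    str.format over the user's properties is an illustration stand-in for the
    Iotellect expression language."""
    return [u for u in users if expression.format(**u) == token_value]


def authenticate(token, users, token_param, field=None, expression=None):
    """Return the name of the single local user matching the Identifying Token
    Parameter, or None if nobody (or more than one account) matches.

    Comparison is exact: no case folding, no trimming."""
    value = token.get(token_param)
    if value is None:
        return None                       # token lacks the identifying parameter
    if field:
        matches = match_by_field(users, value, field)
    elif expression:
        matches = match_by_expression(users, value, expression)
    else:
        return None                       # nothing configured to compare against
    if len(matches) != 1:
        return None                       # no match, or ambiguous (this example refuses)
    return matches[0]["name"]


def apply_context_mapping(token, mapping):
    """User Context Field Mapping: {user_context_field: id_token_field}.
    Claims missing from the token leave the context variable unset."""
    return {ctx: token[claim] for ctx, claim in mapping.items() if claim in token}


if __name__ == "__main__":
    print(authenticate(ID_TOKEN, USERS, "preferred_username", field="name"))       # alice
    print(authenticate(ID_TOKEN, USERS, "email", field="email"))                   # None: two accounts share the e-mail
    print(authenticate(ID_TOKEN, USERS, "given_name", field="firstname"))          # None: "Alice" != "alice"
    print(authenticate(ID_TOKEN, USERS, "email", expression="{name}@example.com")) # alice
    print(apply_context_mapping(ID_TOKEN, {"login": "preferred_username", "first_name": "given_name", "phone": "phone_number"}))
```

The two None cases are the ones that surprise operators in practice: a shared or case-differing property value silently fails the exact comparison, and an expression is the usual way to derive a unique value when the stored user properties do not carry the token's identifier verbatim.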
