content/en/docs/appstore/use-content/platform-supported-content/modules/oidc.md
6 additions & 4 deletions
@@ -315,18 +315,20 @@ In this case, the OIDC client is the app you are making.
315
315
316
316
**Client assertion** is automatically set to *Client ID and Secret*.
317
317
318
-
4. Choose the **Client authentication method** — make sure that you select a method that is supported by your IdP. You can normally check this via the `token_endpoint_auth_methods_supported` setting on the IdP’s well-known endpoint. Also ensure that the correct client authentication method is configured at the IdP when you register the client.
318
+
4. Choose the **Client authentication method** — make sure that you select a method that is supported by your IdP. You can normally check this via the `token_endpoint_auth_methods_supported` setting on the IdP’s well-known endpoint. Also, ensure that the correct client authentication method is configured at the IdP when you register the client.
319
319
320
320
The options are:
321
-
*`client_secret_basic`: Your app will use the HTTP Basic Authentication scheme to authenticate itself at your IdP. (Default – for security reasons this should be your preferred choice.) The `client_secret_basic` makes use of the `client-id` and `client-secret`.
322
-
*`client_secret_post`: Your app will authenticate itself by including its `client_id` and `client_secret` in the payload of token requests. (Older versions of the OIDC SSO module used this method).
323
-
*`private_key_jwt`: This method uses asymmetric key cryptography (algorithm) for authentication. When you select `private key` option, you can configure below fields:
321
+
*`client_secret_basic`: Your app will use the HTTP Basic Authentication scheme to authenticate itself at your IdP. (Default – for security reasons, this should be your preferred choice.) The `client_secret_basic` makes use of the `client-id` and `client-secret`.
322
+
*`client_secret_post`: Your app will authenticate itself by including its `client_id` and `client_secret` in the payload of token requests. (Older versions of the OIDC SSO module used this method.)
323
+
*`private_key_jwt`: This method uses asymmetric key cryptography (algorithm) for authentication. When you select the `private key` option, you can configure below fields:
Once you **Save** the configuration, a key pair is automatically generated. Before you set up the private key
328
328
authentication in your Mendix App, complete the JWKS configuration at your IdP, for example, Okta. For more information, see the [Configuring JWKS at Your IdP (Okta)](#jwks-okta) section.
329
329
330
+
{{% alert color="info" %}} Requests signed with the new key may fail until Okta refreshes its key cache by calling the `/jwks` endpoint. {{% /alert %}}
331
+
330
332
5. Add the **Client Secret**.
331
333
6. If you have the **Automatic Configuration URL** (also known as the *well-known endpoint*), enter it and click **Import Configuration** to automatically fill the other endpoints.
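Review bot: The added alert after the key-pair paragraph says requests "may fail until Okta refreshes its key cache" but gives the reader no action to take and does not say which key "the new key" is (the pair generated on first **Save**, or a regenerated one). State when this applies and what to do, for example wait and retry, and since the paragraph introduces Okta only as an example, say whether the note is Okta-specific. On lines this change already touches, the `client_secret_basic` bullet refers to `client-id` and `client-secret` while the next bullet uses `client_id` and `client_secret`, and the `private_key_jwt` bullet still reads "the `private key` option" and "configure below fields"; aligning these ("the `private_key_jwt` option", "the fields below") would fit this edit.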