OIDC Provider: CustomRedirectLogicMicroflow update #9300

Merged
merged 3 commits into from
Apr 15, 2025
@@ -22,6 +22,7 @@ Certain OIDC Provider module versions are compatible with certain versions of St

| Mendix Version | OIDC Provider Version |
| --- | --- |
| 10.21.01 and above | 4.2.0 and above |
| 10.12.10 and above | 4.0.0 and above |
| 9.24.18 and above | 3.2.0 and above |

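Review bot: The Mendix version in the `4.2.0 and above` row is written as `10.21.01`, with a zero-padded patch number, unlike `10.12.10` and `9.24.18` in the rows below it. If the intended minimum is 10.21.1, write it that way so the three rows follow one version format; if the padding is deliberate, say so in a short note under the table.
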
@@ -100,7 +101,6 @@ The OIDC Provider has the following features and limitations:
* The hybrid resource owner password credential is not supported, although the OIDC Provider may contain some (rudimentary) implementation to support it.
* The OIDC Provider service ignores "email", "phone" and "profile" scope values (as specified by OIDC specs) when the client includes these in an authentication request. Instead, the OIDC Provider service will include user claims in an ID-token based on a custom microflow, regardless of the scopes in the request.
* Front channel and back-channel logout are implemented as alpha features.
* The module does not support `CustomRedirectLogicMicroflow` constant.

### Dependencies

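Review bot: With the `CustomRedirectLogicMicroflow` limitation bullet dropped from this list, the text no longer says from which module version the constant is supported. The compatibility table in this same change still lists the 4.0.0 and 3.2.0 lines, so consider rewording the bullet to name the first version that supports the constant rather than deleting it outright.
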
@@ -482,6 +482,18 @@ You need to configure the OIDC SSO module in your app which is using the IAM bro
1. Login by entering credentials of the user which you have created earlier on OIDC provider Accounts section.
You should be able to login successfully and get into the index.html page

## Using `CustomRedirectLogicMicroflow` Microflow

Use the constant `CustomRedirectLogicMicroflow` to specify which microflow determines where the user should be directed. This microflow has the following signatures:

**Input Parameter**: `username` (String) – The username of the user logging in.

**Return Value**: `Boolean` – Indicates whether the user should be sent to the client application or to the SSO provider application.

**True**: Direct the user to the client application (their original destination).

**False**: Direct the user to the SSO provider application.

## Token Formats for Non-Custom Claims

### Non-Custom Claims in Access Token
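
Review bot: The new `CustomRedirectLogicMicroflow` section does not say what the module does when the constant is left empty, or at what point in the login the microflow is called (before or after the user's credentials have been verified). Both matter to anyone reasoning about the redirect decision, since the only input is the `username` string, so please add a sentence for each. Two wording points in the same section: "has the following signatures" should be singular, and the heading "Using `CustomRedirectLogicMicroflow` Microflow" names a constant, so "Using the `CustomRedirectLogicMicroflow` Constant" would match the sentence under it.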