OAuth and OpenID configuration
We use Keycloak as the Identity Management platform on the server. Keycloak is connected to the IIT Mandi LDAP database. Keycloak supports OAuth 2.0 and OpenID Connect. OpenID Connect is based on OAuth 2.0; the difference is that OpenID Connect is used for establishing identity, while OAuth 2.0 is used for establishing whether a user is authorized to access a resource.
For most purposes, OpenID Connect should be sufficient and is much easier to configure correctly so that the app can communicate with Keycloak.
The OAuth and OpenID endpoint details are available at: https://keycloak.iitmandi.co.in/auth/realms/SNTC-LDAP/.well-known/openid-configuration
It is also the OpenID Connect discovery document URL.
Your app should already support OAuth 2.0/OpenID Connect client features. Libraries and packages to add this functionality are available for almost all popular frameworks.
For OpenID Connect, you should ideally require only two fields: the client name and the discovery document URL. The discovery document URL is given above. The client name is the name of your app as configured in Keycloak. To get your app configured in Keycloak, contact one of the SNTC System Admins, who will then provide you with this information.
OAuth 2.0 configuration is much more fine-grained. The endpoint details are given in the discovery document URL above, but for the configuration itself you will probably need to search for how to connect apps to Keycloak via OAuth 2.0.
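
The following is an added example, not part of the original wiki page or of any SNTC code: a Python check an app can run on the discovery document before trusting the endpoints in it. The sample documents are constructed (not the live server's response), and the rule that every endpoint must be on the issuer's host is a local policy assumption for a single-Keycloak setup.

```python
import json
from urllib.parse import urlparse
from urllib.request import urlopen

DISCOVERY_URL = ("https://keycloak.iitmandi.co.in/auth/realms/SNTC-LDAP"
                 "/.well-known/openid-configuration")
SUFFIX = "/.well-known/openid-configuration"
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

def fetch_discovery(url=DISCOVERY_URL):
    """Download the discovery document (needs network; not used by the samples)."""
    with urlopen(url, timeout=10) as resp:
        return json.load(resp)

def validate_discovery(doc, discovery_url=DISCOVERY_URL):
    """Return a list of problems; an empty list means the document is usable."""
    problems = [f"missing field: {k}" for k in REQUIRED if k not in doc]
    expected_issuer = discovery_url[: -len(SUFFIX)]
    # OIDC Discovery: the issuer in the document must equal the URL the
    # document was fetched from, minus the well-known suffix.
    if doc.get("issuer") != expected_issuer:
        problems.append(f"issuer mismatch: {doc.get('issuer')!r}")
    host = urlparse(expected_issuer).hostname
    for key in REQUIRED[1:]:
        u = urlparse(doc.get(key, ""))
        # Assumption (local policy): all endpoints are https on the issuer's host.
        if key in doc and (u.scheme != "https" or u.hostname != host):
            problems.append(f"{key} is not an https URL on {host}")
    return problems

# Constructed sample document (not the live server's response).
BASE = DISCOVERY_URL[: -len(SUFFIX)]
SAMPLE_GOOD = {
    "issuer": BASE,
    "authorization_endpoint": BASE + "/protocol/openid-connect/auth",
    "token_endpoint": BASE + "/protocol/openid-connect/token",
    "jwks_uri": BASE + "/protocol/openid-connect/certs",
}
# Constructed tampered copy: token endpoint moved to another host over http.
SAMPLE_BAD = dict(SAMPLE_GOOD, token_endpoint="http://login.example.net/token")

if __name__ == "__main__":
    print(validate_discovery(SAMPLE_GOOD))
    print(validate_discovery(SAMPLE_BAD))
```

To check the live document, pass the result of `fetch_discovery()` to `validate_discovery()`.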