OpenID
OIDC - OpenID Connect, OAuth 2.0 authentication for Single Sign-On
In this article, we will provide a general overview of how to connect your identity provider with OpenID. However, we also have dedicated documentation for connecting with popular identity providers (Google | Okta | Azure AD).
Configuring SSO for UI Bakery involves two main steps:
Configuring integration in your identity provider;
Configuring SSO in your UI Bakery instance using environment variables.
Configure UI Bakery integration in your identity provider
The configuration process may vary depending on your chosen identity provider, but there are some common considerations to keep in mind.
UI Bakery supports only the Authorization Code Flow.
The redirect callback is
https://YOUR_INSTANCE/auth/oauth2/callback
UI Bakery instance configuration
To enable UI Bakery to use your OpenID provider, set the following environment variables:
For some providers, you may need to configure additional variables:
If you need to pass additional parameters to the token endpoint, use the variable
UI_BAKERY_OAUTH_TOKEN_URL_ADDITIONAL_PARAMS={"entity_id": "asd"}
By default, UI Bakery expects the email field to exist in the user info response. If the email is placed in another field, you can adjust it using the variable UI_BAKERY_OAUTH_EMAIL_KEY, for example, UI_BAKERY_OAUTH_EMAIL_KEY=myemail.
By default, UI Bakery expects the sub (subject) field to exist in the user info response. If the user ID is placed in another field, you can adjust it using the variable UI_BAKERY_OAUTH_ID_KEY, for example, UI_BAKERY_OAUTH_ID_KEY=myid.
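A pre-deployment check for the variables described above, given as an added example and not UI Bakery's own code: it confirms that the additional token parameters parse as JSON and that the configured email and user ID fields are present in a sample user info response. The function name check_sso_config, the requirement that the parameters decode to a JSON object, and the sample data are assumptions made for this example.

```python
import json

# Defaults stated on this page: email is read from "email", user ID from "sub".
DEFAULT_EMAIL_KEY = "email"
DEFAULT_ID_KEY = "sub"


def check_sso_config(env, userinfo):
    """Return a list of problems found in the OpenID settings.

    env      -- mapping of environment variable names to string values
    userinfo -- decoded JSON body of the provider's user info response
    """
    problems = []
    var = "UI_BAKERY_OAUTH_TOKEN_URL_ADDITIONAL_PARAMS"
    raw = env.get(var)
    if raw is not None:
        try:
            params = json.loads(raw)
        except json.JSONDecodeError as exc:
            # Typical cause: the shell or an env file stripped the double quotes.
            problems.append(f"{var} is not valid JSON: {exc.msg}")
        else:
            # Assumption: parameters are a JSON object, as in the page's example.
            if not isinstance(params, dict):
                problems.append(f"{var} must be a JSON object")

    # The configured (or default) field names must exist in the response.
    fields = (
        ("UI_BAKERY_OAUTH_EMAIL_KEY", DEFAULT_EMAIL_KEY),
        ("UI_BAKERY_OAUTH_ID_KEY", DEFAULT_ID_KEY),
    )
    for name, default in fields:
        key = env.get(name) or default
        if userinfo.get(key) in (None, ""):
            problems.append(f"user info response has no '{key}' field; set {name}")
    return problems


if __name__ == "__main__":
    # Constructed sample: quotes lost from the JSON, email returned as "mail".
    sample_env = {"UI_BAKERY_OAUTH_TOKEN_URL_ADDITIONAL_PARAMS": "{entity_id: asd}"}
    sample_userinfo = {"sub": "42", "mail": "user@example.com"}
    for problem in check_sso_config(sample_env, sample_userinfo):
        print("FAIL:", problem)
```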
Using SSO token in data source requests
If you have connected OpenID SSO, you can use the user token to authenticate data source requests. To enable this feature, set the env variable UI_BAKERY_SSO_BROADCAST_TOKEN to true. Once this variable is set, you can use placeholders UI_BAKERY_SSO_TOKEN and UI_BAKERY_SSO_ID_TOKEN in your HTTP/GraphQL/OpenAPI data sources: