Generic OAuth2 Login Provider

The ‘Generic OAuth2 login provider’ offers the configuration options needed to connect any OAuth2-compatible login provider.

Connect OAuth2 login provider in Bare.ID

All fields and options that can be filled or set for the connection as an external login provider are displayed on the ‘Connect OAuth2’ page.

  • Name: Specify a unique and descriptive name for the login provider. This will also be displayed on the button on the login page for users.

  • Description: Optionally add a description of the login provider that uniquely identifies it during administration.

  • Login provider ID: Specify a unique ID for the login provider. This can no longer be changed after saving.

  • Redirect URL: This URL must be registered with the OAuth2 login provider; it cannot be edited.

  • Display position: If several login providers are connected, define the position that the login provider button should occupy on the login page here.

  • Client ID: Client ID from the OAuth2 provider

  • Client Secret: Client Secret from the OAuth2 provider

  • Authorization URL: URL for the authorization. This URL is used to direct the user to the login

  • Token URL: URL for the token exchange. This URL is used to exchange the authorization code for a token.

  • User Info URL: URL for user information. This URL is used to retrieve information about the authenticated user.

  • User ID Attribute: JSON path to the user ID in the response JSON of the user info endpoint.

  • Username attribute: JSON path to the user name in the response JSON of the user info endpoint.

An example of the use of the user info endpoint

Configuration

  • User Info URL: https://api.example.com/v1/user/info

  • User ID attribute: user.refId

  • Username attribute: user.mail

Request for user data:

GET https://api.example.com/v1/user/info
Authorization: Bearer <ACCESS-TOKEN>

Response from the server

Content-type: application/json
Body:
{
  "user": {
    "mail": "user@example.com",
    "firstname": "Jane",
    "lastname": "Doe",
    "refId": "0a86dc40-7fea-4934-8414-b4d40318aa91"
  }
}

The required attributes are then resolved as follows:

  • User ID attribute: 0a86dc40-7fea-4934-8414-b4d40318aa91

  • Username attribute: user@example.com
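
As an added illustration (not Bare.ID's own code), the Python sketch below resolves the two configured paths against the sample response and rejects missing, empty or non-scalar values, so a mistyped path fails instead of producing a blank user ID. It assumes the path syntax is plain dot-separated keys, as in the example above; the function and class names are hypothetical.

```python
import json

# Constructed sample: the user info response shown on this page.
SAMPLE_RESPONSE = """{
  "user": {
    "mail": "user@example.com",
    "firstname": "Jane",
    "lastname": "Doe",
    "refId": "0a86dc40-7fea-4934-8414-b4d40318aa91"
  }
}"""


class AttributeResolutionError(ValueError):
    """Raised when a configured path does not yield a usable value."""


def resolve_attribute(userinfo, path):
    """Walk a dot-separated path (assumed syntax) and return a non-empty string."""
    node = userinfo
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            raise AttributeResolutionError(f"path {path!r}: no key {key!r}")
        node = node[key]
    # Fail closed: null, booleans, objects and arrays are not valid identifiers.
    if isinstance(node, bool) or not isinstance(node, (str, int)):
        raise AttributeResolutionError(f"path {path!r}: value is not a string or number")
    value = str(node).strip()
    if not value:
        raise AttributeResolutionError(f"path {path!r}: value is empty")
    return value


def map_user(body, id_path, username_path):
    """Resolve the user ID and username attributes from a user info response body."""
    userinfo = json.loads(body)
    return {
        "user_id": resolve_attribute(userinfo, id_path),
        "username": resolve_attribute(userinfo, username_path),
    }


if __name__ == "__main__":
    print(map_user(SAMPLE_RESPONSE, "user.refId", "user.mail"))
```

Running the same check against a real response from the provider before saving the configuration shows whether both paths resolve to the values you expect.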