You are viewing the documentation for Blueriq 13. Documentation for other versions is available in our documentation directory.
1. Setup
To log in using OpenID Connect, an identity provider is needed.
For login via the UI, only the Authorization Code Flow (with response-type=code) is supported.
Using multiple OpenID Connect identity providers at the same time is not supported.
2. How does it work
3. Exception handling
If any exception occurs, a page with a custom exception is shown.
Detailed information about the exception can be found in the log when the log level is set to DEBUG.
4. How to configure an openid-connect identity provider
The identity provider needs to be configured in application.properties and added to blueriq.security.auth-providers-chain. The client id, client secret and public key are mandatory and can be obtained from the identity provider.
Blueriq uses the ID token to extract the information needed to log in. The username, teams and roles from the ID token are mapped to Blueriq UserData. The path to the roles and the path to the teams within the token can be configured.
There are some optional validation checks that can be executed when validating the access token. One of them is the audience check. This check can be configured.
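An added sketch (not Blueriq's own code) of the checks described in this section: verify the ID token against the configured public key, apply the optional audience check, then read the roles and teams from configurable paths. The dot-separated path syntax, the claim names, the client id `blueriq-runtime` and the key pair are assumptions constructed for the example.

```javascript
// Added illustration, not Blueriq code. Key pair, claims, paths and names are constructed.
const { generateKeyPairSync, createSign, createVerify } = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');

// Stand-in for the identity provider: signs a constructed ID token with RS256.
function signIdToken(claims, privateKey) {
  const signingInput = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  const signature = createSign('RSA-SHA256').update(signingInput).sign(privateKey);
  return `${signingInput}.${b64url(signature)}`;
}

// Follow a dot-separated path (assumed syntax) such as "realm_access.roles"; always return a list.
function claimAtPath(claims, path) {
  const value = path.split('.').reduce((node, key) => (node == null ? undefined : node[key]), claims);
  if (value === undefined || value === null) return [];
  return Array.isArray(value) ? value : [value];
}

// Verify algorithm, signature and audience before any claim is trusted, then map the claims.
function userFromIdToken(token, cfg) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, payload, signature] = parts;
  if (JSON.parse(Buffer.from(header, 'base64url')).alg !== 'RS256') throw new Error('unexpected alg');
  const valid = createVerify('RSA-SHA256').update(`${header}.${payload}`)
    .verify(cfg.publicKey, Buffer.from(signature, 'base64url'));
  if (!valid) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(payload, 'base64url'));
  // "aud" may be a single string or an array of strings; the check is skipped when not configured.
  if (cfg.audience && !claimAtPath(claims, 'aud').includes(cfg.audience)) throw new Error('wrong audience');
  return {
    username: claims[cfg.usernameClaim],
    roles: claimAtPath(claims, cfg.rolesPath),
    teams: claimAtPath(claims, cfg.teamsPath),
  };
}

const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
const cfg = { publicKey, audience: 'blueriq-runtime', usernameClaim: 'preferred_username',
  rolesPath: 'realm_access.roles', teamsPath: 'teams' };
const sampleToken = signIdToken({ preferred_username: 'alice', aud: ['blueriq-runtime', 'account'],
  realm_access: { roles: ['caseworker'] }, teams: 'north' }, privateKey);
console.log(userFromIdToken(sampleToken, cfg));
```

A token whose payload was altered after signing, or whose `aud` does not contain the configured value, is rejected before any role or team is read.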
5. Angular Front-End
Blueriq exposes two endpoints for customers that use an Angular front end. These endpoints can be used as described in section 5.3.
5.1. Login Endpoint
Description
Login endpoint that returns the URL required for calling the authorization endpoint of the OpenID Connect identity provider.
Parameters
Query Parameter | Expected Type | Description | Required |
---|---|---|---|
redirect_uri | string | Redirection URI to which the response will be sent. | true |
5.2. Callback Endpoint
Description
Exchanges the authorization code for a token and authenticates the user in Blueriq.
Parameters
Query Parameter | Expected Type | Description | Required |
---|---|---|---|
code | string | The authorization code to be exchanged for tokens. | true |
redirect_uri | string | The Redirection URI that was used to obtain the authorization code. | true |
state | string | Opaque value used to maintain state between the request and the callback. | true |
5.3. Algorithm
The algorithm that can be used to log in is the following: