OpenID Connect
Standards-based authentication for modern applications
Overview
JOSSO EE provides full OpenID Connect (OIDC) support, enabling standards-based authentication for web applications, mobile apps, and single-page applications. Built on OAuth 2.0, OIDC provides identity verification with JWT tokens.
OAuth 2.0 compliant
JWT ID Tokens
PKCE Support
Supported Flows
Authorization Code Flow
Standard flow for server-side applications
Authorization Code + PKCE
Enhanced security for public clients
Implicit Flow
Legacy flow for SPA applications
Client Credentials
Machine-to-machine authentication
OIDC Endpoints
| Endpoint | Path |
|---|---|
| Authorization | /josso/oauth2/authorize |
| Token | /josso/oauth2/token |
| UserInfo | /josso/oauth2/userinfo |
| JWKS | /josso/oauth2/jwks |
| Discovery | /josso/.well-known/openid-configuration |
Client Registration
Register an OIDC Client
In the JOSSO Management Console, create a new Service Provider with OIDC protocol:
Client ID: my-web-app Client Secret: [generated] Redirect URIs: - https://app.example.com/callback - https://app.example.com/silent-callback Grant Types: - authorization_code - refresh_token Scopes: - openid - profile - email
Integration Example
JavaScript / TypeScript
import { UserManager } from 'oidc-client-ts';
const config = {
authority: 'https://idp.example.com/josso',
client_id: 'my-web-app',
redirect_uri: 'https://app.example.com/callback',
response_type: 'code',
scope: 'openid profile email',
post_logout_redirect_uri: 'https://app.example.com/',
};
const userManager = new UserManager(config);
// Login
await userManager.signinRedirect();
// Handle callback
const user = await userManager.signinRedirectCallback();
console.log('User:', user.profile);