OIDC (OpenID Connect)¶
The OIDC backend allows authentication against a generic OIDC provider. The backend class is OpenIdConnectAuth with name oidc. A minimum configuration is:
SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = 'https://.....' SOCIAL_AUTH_OIDC_KEY = '<client_id>' SOCIAL_AUTH_OIDC_SECRET = '<client_secret>'
The remaining configuration will be auto-detected, by fetching:
This class can be used standalone, but is also the base class for some other backends.
The OIDC backend will check for a
preferred_username key in the values
returned by the server. If the username is under a different key, this can
SOCIAL_AUTH_OIDC_USERNAME_KEY = 'nickname'
This setting indicates that the username should be populated by the
nickname claim instead.
The default set of scopes requested are “openid”, “profile” and “email”. You can request additional claims, for example:
SOCIAL_AUTH_OIDC_SCOPE = ['groups']
and you can prevent the inclusion of the default scopes using:
SOCIAL_AUTH_OIDC_IGNORE_DEFAULT_SCOPE = True