Commit 639e27

2024-02-24 16:58:08 Hargata Softworks: z
openid.md ..
@@ 10,6 10,7 @@
OpenIDConfig__TokenURL=URL to retrieve user JWT from the Provider
OpenIDConfig__RedirectURL=https://<yourlubeloggerdomain.com>/Login/RemoteAuth(must be HTTPS)
OpenIDConfig__Scope=The scope for retrieving the user's email claim(usually it's just 'email')
+ OpenIDConfig__ValidateState=true/false(default: false) - whether LubeLogger should validate state.
```
If you're using the Windows Standalone executable, add the following section into `appsettings.json`
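Review bot: The added `OpenIDConfig__ValidateState` line documents a default of false without saying what is lost when state is not checked. The `state` parameter is what ties the provider's callback to the login request this instance started, so leaving it unvalidated means a forged or replayed callback to `/Login/RemoteAuth` is not rejected on that basis. Suggest saying so on this line or pointing to the State Validation section, and adding a space before the parenthesis in `true/false(default: false)` for readability.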
@@ 22,7 23,8 @@
"AuthURL": "",
"TokenURL": "",
"RedirectURL": "",
- "Scope": ""
+ "Scope": "",
+ "ValidateState": true/false
}
```
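Review bot: The added line `"ValidateState": true/false` is not valid JSON, so anyone who copies this section into `appsettings.json` as written will get a parse error at startup. The other keys in the block use a pasteable empty placeholder (`""`). Suggest showing a concrete value that matches the documented default, `"ValidateState": false`, and leaving the explanation of the two choices to the surrounding prose.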
@@ 36,8 38,13 @@
OpenIDConfig__TokenURL=https://oauth2.googleapis.com/token
OpenIDConfig__RedirectURL=https://localhost:5011/Login/RemoteAuth
OpenIDConfig__Scope=email
+ OpenIDConfig__ValidateState=true
```
+ ## State Validation
+ The ValidateState environment variable determines if LubeLogger should validate the state token echoed back by the OIDC provider. This is set to false by default, if enabled, LubeLogger will fail any login attempts where the state token is not identical to what it sent to the provider. Leave this disabled if you wish to have IdP-initiated SSO.
+
+ ## Testing
Once you have all these environment variables injected correctly, you should see the ability to login via your OIDC provider. Note: Currently LubeLogger only supports one OIDC provider.
![](/OpenID/a/image-1708052127031.png)
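Review bot: The new State Validation paragraph says when to leave the setting disabled (IdP-initiated SSO) but not what disabling costs or which value is recommended otherwise. Suggest adding one sentence that a deployment not using IdP-initiated SSO should set `OpenIDConfig__ValidateState=true`, as the sample configuration in this hunk already does, since otherwise logins are accepted without checking that the state matches what LubeLogger sent. Style points in the same paragraph: "This is set to false by default, if enabled," is a comma splice and reads better as two sentences, and the text calls it the "ValidateState environment variable" where the variable is actually named `OpenIDConfig__ValidateState`.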