commit 639e27

2024-02-24 16:58:08 Hargata Softworks: z

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9

`openid.md` ..
@@ 10,6 10,7 @@
	OpenIDConfig__TokenURL=URL to retrieve user JWT from the Provider
	OpenIDConfig__RedirectURL=https://<yourlubeloggerdomain.com>/Login/RemoteAuth(must be HTTPS)
	OpenIDConfig__Scope=The scope for retrieving the user's email claim(usually it's just 'email')
+	OpenIDConfig__ValidateState=true/false(default: false) - whether LubeLogger should validate state.
	```

	If you're using the Windows Standalone executable, add the following section into `appsettings.json`
@@ 22,7 23,8 @@
	"AuthURL": "",
	"TokenURL": "",
	"RedirectURL": "",
-	"Scope": ""
+	"Scope": "",
+	"ValidateState": true/false
	}
	```

@@ 36,8 38,13 @@
	OpenIDConfig__TokenURL=https://oauth2.googleapis.com/token
	OpenIDConfig__RedirectURL=https://localhost:5011/Login/RemoteAuth
	OpenIDConfig__Scope=email
+	OpenIDConfig__ValidateState=true
	```

+	## State Validation
+	The ValidateState environment variable determines if LubeLogger should validate the state token echoed back by the OIDC provider. This is set to false by default, if enabled, LubeLogger will fail any login attempts where the state token is not identical to what it sent to the provider. Leave this disabled if you wish to have IdP-initiated SSO.
+
+	## Testing
	Once you have all these environment variables injected correctly, you should see the ability to login via your OIDC provider. Note: Currently LubeLogger only supports one OIDC provider.

	![](/OpenID/a/image-1708052127031.png)