Authenticating via OpenID Connect
Configure OpenID Connect(OIDC) for LubeLogger via the following environment variables
OpenIDConfig__Name=Name of the OpenID Connect Provider OpenIDConfig__ClientId=Client Id to Authenticate with the Provider OpenIDConfig__ClientSecret=Client Secret to Authenticate with the Provider OpenIDConfig__AuthURL=Authorization URL to the Provider's Login Page OpenIDConfig__TokenURL=URL to retrieve user JWT from the Provider OpenIDConfig__RedirectURL=https://<yourlubeloggerdomain.com>/Login/RemoteAuth(must be HTTPS) OpenIDConfig__Scope=The scope for retrieving the user's email claim(usually it's just 'email')
If you're using the Windows Standalone executable, add the following section into appsettings.json
"OpenIDConfig": { "Name": "", "ClientId": "", "ClientSecret": "", "AuthURL": "", "TokenURL": "", "RedirectURL": "", "Scope": "" }
The following sample shows how to set up OIDC with Google as the provider with the LubeLogger instance running on https://localhost:5011
OpenIDConfig__Name=Google OpenIDConfig__ClientId=xxx.apps.googleusercontent.com OpenIDConfig__ClientSecret=<your Google API Client Secret> OpenIDConfig__AuthURL=https://accounts.google.com/o/oauth2/auth OpenIDConfig__TokenURL=https://oauth2.googleapis.com/token OpenIDConfig__RedirectURL=https://localhost:5011/Login/RemoteAuth OpenIDConfig__Scope=email
Once you have all these environment variables injected correctly, you should see the ability to login via your OIDC provider. Note: Currently LubeLogger only supports one OIDC provider.
LubeLogger uses the user's email address to authenticate against a registered user, the email address provided by the OIDC provider must match the email address of the user in the system.
If the user is attempting to login via OIDC but does not have an account with LubeLogger, they will be prompted for a registration token and to set up a username which will then allow them to log in.