Configuring OpenID Connect

1. Configure OpenID Connect

OpenID Connect is an identity layer on top of OAuth 2.0: the OAuth authorization code flow is used to obtain an ID token that tells CleanSpeak who just logged in.

To configure OpenID Connect you need three things:

  1. Client ID

  2. Client Secret (sometimes empty/not required)

  3. Issuer (usually just the base URL of the provider) Ex: https://login.example.com. The issuer must match the value the provider advertises in its discovery document at {issuer}/.well-known/openid-configuration exactly, including the scheme and any trailing slash, and it should always use https, since CleanSpeak derives the authorization, token and key endpoints from it.
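As an added example (not part of the CleanSpeak documentation or of FusionAuth's or Azure's code), the following Python script builds the discovery URL from an issuer and checks the configured issuer against the discovery document the provider returns: https only, no query or fragment, exact match with the advertised issuer, and the login endpoints present and served over https. The discovery documents and the tenant ID are constructed samples; one stands in for a FusionAuth-style bare base URL and the other for the tenant-specific issuer form used in the Azure example later on this page.

```python
"""Check that an OpenID Connect issuer value is usable before saving it.

The issuer is the value the provider publishes in its discovery document and
stamps into the `iss` claim of every ID token, so the configured string must
match it exactly. The discovery documents below are constructed for this
example; fetch_discovery() shows how to pull the real one.
"""
import json
import urllib.request
from urllib.parse import urlparse

# Endpoints any provider used for login has to advertise.
REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def discovery_url(issuer: str) -> str:
    """Discovery URL for an issuer: strip a trailing slash, then append the well-known path."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def fetch_discovery(issuer: str, timeout: float = 5.0) -> dict:
    """Download the provider's discovery document (network access; not used by the samples)."""
    with urllib.request.urlopen(discovery_url(issuer), timeout=timeout) as resp:
        return json.load(resp)


def check_issuer(configured_issuer: str, discovery_doc: dict) -> list[str]:
    """Return the problems found; an empty list means the issuer can be saved as-is."""
    problems = []
    parsed = urlparse(configured_issuer)
    if parsed.scheme != "https":
        problems.append(f"issuer must use https, got {parsed.scheme!r}")
    if parsed.query or parsed.fragment:
        problems.append("issuer must not carry a query string or fragment")
    advertised = discovery_doc.get("issuer")
    if advertised != configured_issuer:
        problems.append(
            f"issuer mismatch: configured {configured_issuer!r}, provider advertises {advertised!r}"
        )
    for key in REQUIRED_ENDPOINTS:
        value = discovery_doc.get(key)
        if not value:
            problems.append(f"discovery document lacks {key}")
        elif urlparse(value).scheme != "https":
            problems.append(f"{key} is not served over https: {value}")
    return problems


# Constructed sample: a FusionAuth-style provider whose issuer is the bare base URL.
FUSIONAUTH_ISSUER = "https://local.fusionauth.io"
FUSIONAUTH_DISCOVERY = {
    "issuer": "https://local.fusionauth.io",
    "authorization_endpoint": "https://local.fusionauth.io/oauth2/authorize",
    "token_endpoint": "https://local.fusionauth.io/oauth2/token",
    "jwks_uri": "https://local.fusionauth.io/.well-known/jwks.json",
}

# Constructed sample: a tenant-specific issuer of the kind the Azure example uses.
TENANT_ID = "11111111-2222-3333-4444-555555555555"  # placeholder, not a real tenant
AZURE_ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}"
AZURE_DISCOVERY = {
    "issuer": AZURE_ISSUER,
    "authorization_endpoint": f"{AZURE_ISSUER}/oauth2/authorize",
    "token_endpoint": f"{AZURE_ISSUER}/oauth2/token",
    "jwks_uri": f"{AZURE_ISSUER}/discovery/keys",
}

if __name__ == "__main__":
    for issuer, doc in ((FUSIONAUTH_ISSUER, FUSIONAUTH_DISCOVERY), (AZURE_ISSUER, AZURE_DISCOVERY)):
        print(discovery_url(issuer), check_issuer(issuer, doc) or "OK")
    # Common mistakes: a plaintext scheme, and a trailing slash the provider does not advertise.
    print(check_issuer("http://local.fusionauth.io", FUSIONAUTH_DISCOVERY))
    print(check_issuer("https://local.fusionauth.io/", FUSIONAUTH_DISCOVERY))
```

Run it against your own provider with `check_issuer(issuer, fetch_discovery(issuer))`; a trailing slash is the most common cause of an issuer mismatch, because providers compare the string, not the host.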

1.1. FusionAuth Example

In the following example we will set up a FusionAuth OpenID Connect configuration. Give it a name and a tenant (if you use a tenant other than the default), then click Save.

1.1.1. First we need to create a FusionAuth application.

Create FusionAuth app

1.1.2. You will need to edit the application immediately after creating it

  1. Set the redirect URL to your CleanSpeak URL with a path of /oauth, for example: https://example-cleanspeak.inversoft.io/oauth. Register exactly the URL CleanSpeak will send: the provider matches redirect URLs as exact strings, so a different scheme, host, port or trailing slash is rejected.

  2. Copy your Client ID and Client Secret for later.

  3. (Optional) Set the logout URL to your CleanSpeak URL so that after a logout users are redirected back to the login page.

  4. (Optional) Remove the refresh token grant. The login flow does not need it, and any grant left enabled is one more thing a leaked client secret could use.

FusionAuth app redirect settings

1.1.3. Now copy the values from the last step into the CleanSpeak configuration.

  1. Paste the Client ID and Client Secret

  2. Set the issuer to the base URL of your FusionAuth instance. Ex: https://local.fusionauth.io

  3. Set the button text. Ex: Login with FusionAuth

  4. (Optional) Set the button image. Ex: https://local.fusionauth.io/images/icon.png (Hint: a FusionAuth icon is available at /images/icon.png on every instance of FusionAuth)

  5. (Optional) Set the logout URL so that a user is logged out of FusionAuth globally, not only of CleanSpeak. Ex: https://local.fusionauth.io/oauth2/logout

  6. Save
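To show what the values configured above actually do in the login, here is an added example (not CleanSpeak's or FusionAuth's code) of the OpenID Connect authorization code flow written in Python: the authorization request built from the Client ID and registered redirect URL, the exact-string check the provider applies to that redirect URL, validation of the callback back to /oauth (error, state and code), and the token request that presents the client secret. The Client ID, secret, redirect URL and endpoint URLs are constructed placeholders; the endpoint paths follow the discovery document of the issuer configured above.

```python
"""Authorization code flow using the configured Client ID, Client Secret,
issuer-derived endpoints and registered redirect URL (constructed values)."""
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed values standing in for the ones copied from the provider.
CLIENT_ID = "e9fdb985-9173-4e01-9d73-ac2d60d1dc8e"
CLIENT_SECRET = "super-secret-value"  # empty string for a public client without a secret
REDIRECT_URI = "https://example-cleanspeak.inversoft.io/oauth"
AUTHORIZE_ENDPOINT = "https://local.fusionauth.io/oauth2/authorize"
TOKEN_ENDPOINT = "https://local.fusionauth.io/oauth2/token"


def new_state() -> str:
    """Unguessable per-login value that ties the callback to the request that started it."""
    return secrets.token_urlsafe(32)


def build_authorization_url(state: str, nonce: str) -> str:
    """The URL the 'Login with FusionAuth' button sends the browser to."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,  # must be byte-for-byte the registered value
        "scope": "openid",
        "state": state,
        "nonce": nonce,  # later checked against the nonce claim of the ID token
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def redirect_uri_is_registered(requested: str, registered: str = REDIRECT_URI) -> bool:
    """The provider-side check: exact string comparison, no prefix or case matching."""
    return requested == registered


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Validate the provider's redirect back to /oauth and return the authorization code."""
    parsed = urlparse(callback_url)
    if f"{parsed.scheme}://{parsed.netloc}{parsed.path}" != REDIRECT_URI:
        raise ValueError("callback arrived at an address other than the registered redirect URL")
    query = parse_qs(parsed.query)
    if "error" in query:
        raise ValueError(f"provider returned error {query['error'][0]!r}")
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: possible CSRF or a stale login attempt")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code


def token_request(code: str) -> tuple[dict, dict]:
    """Headers and form body for exchanging the code at the token endpoint (POST)."""
    body = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,  # repeated so the provider can bind the code to it
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if CLIENT_SECRET:
        # Confidential client: credentials go in the Authorization header (RFC 6749, 2.3.1).
        creds = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
        headers["Authorization"] = f"Basic {creds}"
    else:
        # Public client with no secret: identify with client_id in the body only.
        body["client_id"] = CLIENT_ID
    return headers, body


if __name__ == "__main__":
    state = new_state()
    print(build_authorization_url(state, secrets.token_urlsafe(16)))
    # The trailing slash is enough for the provider to reject the request.
    print(redirect_uri_is_registered("https://example-cleanspeak.inversoft.io/oauth/"))
    code = parse_callback(f"{REDIRECT_URI}?code=abc123&state={state}", state)
    print(token_request(code))
```

Note that the state check and the exact redirect URL comparison are what stop an attacker from completing a login on a victim's behalf or steering the code to a host they control; if the secret field is left empty because the provider does not issue one, the token request falls back to identifying the client in the body only.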

OpenID settings

OpenID login

1.2. Azure Example

Azure's workflow differs slightly because its issuer is tenant-specific: instead of a bare domain, the issuer URL includes your tenant ID.

1.2.1. First we again need to create an application.

  1. Navigate to the Azure portal

  2. Open Azure Active Directory

  3. Open App registrations on the new inner left menu. (The screen should look like the image below)

    Azure create app screen
  4. Click New registration

  5. Choose a name and set the redirect URI to your CleanSpeak URL with the /oauth path, the same value used in the FusionAuth example

    Azure create app ptII
  6. Click Register

1.2.2. You should now see a screen like the following.

Azure application details

1.2.3. Now open CleanSpeak System Settings

  1. Paste https://login.microsoftonline.com/{tenantId} into the issuer field of your CleanSpeak OpenID settings, with {tenantId} replaced by the Directory (tenant) ID shown on the application's overview page

  2. Copy the Application (client) ID from your Azure application and paste it into the Client ID field of CleanSpeak

1.2.4. Now we need a client secret (Azure requires one for all web-based applications)

  1. Go to your Azure app

  2. Open Certificates & secrets

  3. Click New client secret

  4. Choose a description and an expiry for this secret and create it

  5. Copy the secret value to your CleanSpeak OpenID settings straight away; Azure shows the value only once, and if you leave the page without copying it you will have to create a new secret

  6. Click save

Note the expiry you chose: once the secret expires, logins through Azure fail until you create a new secret and update CleanSpeak, so schedule the rotation before that date.

1.2.5. You can now log in with Azure

Azure login