Configuring OIDC for FusionAuth

1. Configure OpenID with FusionAuth

In the following example we will setup a FusionAuth OpenID Connect configuration. We need to give it a name and a tenant (if there is a tenant other than the default). Then click save.

1.1. First we need to create a FusionAuth application.

Create FusionAuth app

1.2. You will need to immediately edit the application

  1. Set the redirect URL to your CleanSpeak URL with a path of /oauth for example: https://example-cleanspeak.inversoft.io/oauth.

  2. Copy your client id and client secret for later

  3. (Optional) Set the logout URL to your CleanSpeak URL so that after a logout the users will be redirected back to the login page.

  4. (Optional) Remove the refresh token grant to lock down the security.

FusionAuth app redirect settings

1.3. Now we need to copy the values from the last step into the CleanSpeak configuration.

  1. Copy client id and client secret

  2. Set the issuer to the domain of your fusionauth domain. Ex: https://local.fusionauth.io

  3. Set the button text. Ex: Login with FusionAuth

  4. (Optional) Set the button image. Ex: https://local.fusionauth.io/images/icon.png (Hint: there is a fusionauth icon available at /images/icon.png on every instance of FusionAuth)

  5. (Optional) Set the logout url so that a user is logged out of FusionAuth globally. Ex: https://local.fusionauth.io/oauth2/logout

  6. Save

OpenID settings OpenID login