Guardian OIDC Provider Configuration
If you want Guardian to act as an OIDC provider (allowing other applications to authenticate users through Guardian), configure these settings.
Table name: oidc_config
| Field | Type | Description |
|---|---|---|
| tenant_id | CHAR(10) | Tenant identifier (Primary Key) |
| issuer | VARCHAR(255) | Base URL of the Guardian OIDC issuer (e.g., https://guardian.example.com) |
| authorization_endpoint | VARCHAR(255) | Authorization endpoint URL |
| token_endpoint | VARCHAR(255) | Token endpoint URL |
| userinfo_endpoint | VARCHAR(255) | UserInfo endpoint URL |
| revocation_endpoint | VARCHAR(255) | Token revocation endpoint URL |
| jwks_uri | VARCHAR(255) | JSON Web Key Set URI |
| grant_types_supported | JSON | Array of supported grant types (e.g., ["authorization_code", "refresh_token"]) |
| response_types_supported | JSON | Array of supported response types (e.g., ["code"]) |
| subject_types_supported | JSON | Array of supported subject types (e.g., ["public"]) |
| id_token_signing_alg_values_supported | JSON | Array of supported ID token signing algorithms (e.g., ["RS256", "RS512"]) |
| token_endpoint_auth_methods_supported | JSON | Array of supported token endpoint auth methods |
| login_page_uri | VARCHAR(512) | Custom login page URI (optional) |
| consent_page_uri | VARCHAR(512) | Custom consent page URI (optional) |
| authorize_ttl | INT | Authorization code time-to-live in seconds (optional) |
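
A pre-load sanity check for one row of this table, as an added example (not Guardian's own code). It assumes the JSON columns arrive as strings; the same-host rule for endpoints, the 600-second ceiling on `authorize_ttl`, and all sample values are assumptions of this example.

```python
import json
from urllib.parse import urlsplit
URL_FIELDS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint",
              "revocation_endpoint", "jwks_uri")
JSON_FIELDS = ("grant_types_supported", "response_types_supported",
               "subject_types_supported", "id_token_signing_alg_values_supported",
               "token_endpoint_auth_methods_supported")
MAX_AUTHORIZE_TTL = 600  # assumed policy: RFC 6749 recommends at most 10 minutes

def validate_oidc_config(row):
    """Return a list of problems in one oidc_config row; an empty list means it passed."""
    problems = []
    issuer = urlsplit(row.get("issuer") or "")
    if issuer.scheme != "https" or not issuer.netloc or issuer.query or issuer.fragment:
        problems.append("issuer: must be an https URL with no query or fragment")
    for field in URL_FIELDS:
        url = urlsplit(row.get(field) or "")
        # Assumed policy: every endpoint is served over https from the issuer's host.
        if url.scheme != "https" or url.netloc != issuer.netloc:
            problems.append(f"{field}: must be an https URL on the issuer host")
    values = {}
    for field in JSON_FIELDS:
        try:
            parsed = json.loads(row.get(field) or "")
        except (ValueError, TypeError):
            parsed = None  # typographic quotes (“ ”) land here: they are not valid JSON
        if isinstance(parsed, list) and all(isinstance(v, str) for v in parsed):
            values[field] = parsed
        else:
            problems.append(f"{field}: must be a JSON array of strings")
    if "none" in values.get("id_token_signing_alg_values_supported", []):
        problems.append("id_token_signing_alg_values_supported: 'none' allows unsigned ID tokens")
    ttl = row.get("authorize_ttl")  # optional column
    if ttl is not None and not (isinstance(ttl, int) and 0 < ttl <= MAX_AUTHORIZE_TTL):
        problems.append(f"authorize_ttl: must be 1..{MAX_AUTHORIZE_TTL} seconds")
    return problems

# Constructed sample row; endpoint paths and the auth method are illustrative values.
BASE = "https://guardian.example.com"
SAMPLE_ROW = {
    "tenant_id": "tenant0001", "issuer": BASE,
    "authorization_endpoint": BASE + "/authorize", "token_endpoint": BASE + "/token",
    "userinfo_endpoint": BASE + "/userinfo", "revocation_endpoint": BASE + "/revoke",
    "jwks_uri": BASE + "/jwks",
    "grant_types_supported": '["authorization_code", "refresh_token"]',
    "response_types_supported": '["code"]', "subject_types_supported": '["public"]',
    "id_token_signing_alg_values_supported": '["RS256", "RS512"]',
    "token_endpoint_auth_methods_supported": '["client_secret_basic"]', "authorize_ttl": 300,
}
```

Calling `validate_oidc_config(SAMPLE_ROW)` returns an empty list; each finding is a string prefixed with the offending column name.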
Prerequisites
- Tenant Configuration - A tenant must be created first
- Client Configuration - OAuth client must be configured
- Token Configuration - Required for all flows
- User Configuration - Required for all flows
Related Configurations
Guardian as OIDC provider uses the basic mandatory configurations: