External OIDC Provider Configuration
Required for integrating with external OIDC providers (e.g., enterprise SSO solutions, custom identity providers, third-party OIDC services).
Table name: oidc_provider_config
| Field | Type | Description |
|---|---|---|
| tenant_id | CHAR(10) | Tenant identifier (Part of Primary Key) |
| provider_name | VARCHAR(50) | Unique name for the OIDC provider within the tenant (Part of Primary Key) |
| issuer | TEXT | OIDC provider issuer URL (e.g., https://provider.example.com) |
| jwks_url | TEXT | JSON Web Key Set URL for token verification |
| token_url | TEXT | Token endpoint URL for exchanging authorization codes |
| client_id | VARCHAR(256) | OAuth client ID registered with the OIDC provider |
| client_secret | TEXT | OAuth client secret for the OIDC provider |
| redirect_uri | TEXT | Redirect URI registered with the OIDC provider |
| client_auth_method | VARCHAR(256) | Client authentication method (e.g., “client_secret_basic”, “client_secret_post”) |
| is_ssl_enabled | BOOLEAN | Whether SSL is enabled for communication with the provider (default: true) |
| user_identifier | VARCHAR(20) | Field to use for user identification: “email” or “sub” (default: “email”) |
| audience_claims | JSON | Array of audience claim values expected in ID tokens |
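The column layout above translates directly into a pre-insert sanity check on a provider row. The following is an added example, not part of this documentation or the product's own code; it assumes the row is presented as a Python dict keyed by the column names, and the sample values are constructed placeholders.

```python
"""Validate an oidc_provider_config row before it is stored (added example)."""
from urllib.parse import urlparse

ALLOWED_AUTH_METHODS = {"client_secret_basic", "client_secret_post"}
ALLOWED_USER_IDS = {"email", "sub"}

# Constructed sample row; values are placeholders, not from any real tenant.
SAMPLE_ROW = {
    "tenant_id": "acme01", "provider_name": "corp-sso",
    "issuer": "https://provider.example.com",
    "jwks_url": "https://provider.example.com/.well-known/jwks.json",
    "token_url": "https://provider.example.com/oauth/token",
    "client_id": "app-client-id", "client_secret": "PLACEHOLDER_SECRET",
    "redirect_uri": "https://app.example.com/callback",
    "client_auth_method": "client_secret_basic", "is_ssl_enabled": True,
    "user_identifier": "sub", "audience_claims": ["app-client-id"],
}

def _is_https(url: str) -> bool:
    p = urlparse(url)
    return p.scheme == "https" and bool(p.netloc)

def validate_provider_config(row: dict) -> list:
    """Return the list of problems found; an empty list means the row is acceptable."""
    problems = []
    # Tokens and the client secret travel over these endpoints: require https.
    for field in ("issuer", "jwks_url", "token_url", "redirect_uri"):
        if not _is_https(row.get(field, "")):
            problems.append(f"{field} must be an absolute https URL")
    # Keys and tokens normally come from the issuer's own host; flag a mismatch.
    issuer_host = urlparse(row.get("issuer", "")).netloc
    for field in ("jwks_url", "token_url"):
        host = urlparse(row.get(field, "")).netloc
        if host and issuer_host and host != issuer_host:
            problems.append(f"{field} host {host!r} differs from issuer host {issuer_host!r}")
    if row.get("client_auth_method") not in ALLOWED_AUTH_METHODS:
        problems.append("client_auth_method must be client_secret_basic or client_secret_post")
    if row.get("user_identifier", "email") not in ALLOWED_USER_IDS:
        problems.append("user_identifier must be 'email' or 'sub'")
    if not row.get("is_ssl_enabled", True):
        problems.append("is_ssl_enabled=false turns off SSL towards the provider")
    aud = row.get("audience_claims")
    if not isinstance(aud, list) or not aud or not all(isinstance(a, str) for a in aud):
        problems.append("audience_claims must be a non-empty JSON array of strings")
    elif row.get("client_id") not in aud:
        problems.append("audience_claims does not include client_id (ID tokens carry it in aud)")
    if not row.get("client_secret"):
        problems.append("client_secret is required for the supported client_auth_method values")
    return problems
```

Run the validator on each row before it is inserted; a non-empty result should block the insert rather than be logged and ignored.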
Prerequisites
- Tenant Configuration - A tenant must be created first
- Client Configuration - OAuth client must be configured
- Token Configuration - Required for all flows
- User Configuration - Required for all flows
Related Configurations
External OIDC provider authentication uses the basic mandatory configurations: