Getting Started With WWPass OpenID Connect and OAuth2 Identity Provider
This document describes how to get started using WWPass OpenID Connect and OAuth2 identity provider with your applications.
Introduction
OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices.
OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.
WWPass implements its own OpenID Connect and OAuth2 capable identity provider powered by the WWPass strong authentication and data encryption technology.
This guide will lead you through the steps needed to start using WWPass OpenID Connect and OAuth2 identity provider for user authentication in your applications.
Prerequisites
Before starting using WWPass OpenID Connect and OAuth2 identity provider, you should create a WWPass developer account. Open https://wwpass.com with your browser, click Log in, and follow the instruction to create a new developer account.
Once you created the developer account, you need to register your application domain. Log in to your account, choose Add new application.
Then if you intend to use WWPass with Auth0, select Auth0 and enter your Auth0 tenant name. Otherwise select OpenID Connect. Then follow the instructions to register and verify your application domain.
Setting Up OpenID Connect and OAuth2
Сlick Edit IdP Settings to open the IdP configuration page. Particular settings depend on the application you use. This document provides example settings for some commonly-used applications.
Typically you need to perform the following steps:
- Save the client secret in a safe place. You may either instantly copy it to your application settings or store it in a password manager you trust. We suggest using PassHub for storing such information. You can reset the client secret any time later;
- Change Callback URI to match the callback URI of your application, refer to your application documentation for more information;
- Make sure the rest of the settings match the corresponding settings of your application;
When finished, click Save to save IdP settings.
Copy OpenID Connect or OAuth2 URIs to you application settings.
Test authentication in your application. If everything is configured properly, your application will redirect you to https://oidc.wwpass.com/. Log in with your WWPass Key. During the first login, WWPass IdP will ask you to provide your email address and other information requested by your application. Once you provide the required information, WWPass IdP will redirect you back to your application as logged-in user.
Auth0 With OpenID Connect
Open Auth0 dashboard
Navigate to Branding -> Universal Login. If your current setting is Classic switch to New.
Next navigate to Authentication -> Enterprise. Click + against OpenID Connect to add a new connection. Make the following settings:
- Set Connection name to any name that will allow you to identify this connection later;
- Set Issuer URL to
https://oidc.wwpass.com/.well-known/openid-configuration; - Set Client ID to the Client ID from the corresponding WWPass application page;
- Set Sync user profile attributes at each login: to any position depending on your preference;
- Click Create to create the connection.
- The next page allows you to customize the login experience. We recommend checking Display connection as a button. Finally, select which Auth0 applications can use this connection.