ONLINE HELP
 WINDEVWEBDEV AND WINDEV MOBILE

This content has been translated automatically.  Click here  to view the French version.
Help / WLanguage / WLanguage functions / Communication / Managing the OAuth 2.0 protocol
  • Properties specific to OpenIDParameters variables
  • ConfigurationURL property
  • Authentication via "Client Secret Basic"
WINDEV
WindowsLinuxJavaReports and QueriesUser code (UMC)
WEBDEV
WindowsLinuxPHPWEBDEV - Browser code
WINDEV Mobile
AndroidAndroid Widget iPhone/iPadIOS WidgetApple WatchMac Catalyst
Others
Stored procedures
The type OpenIDParameters is used to define all the advanced features of an authentication for OpenID. You can define and change the characteristics of this authentication for OpenID using different WLanguage properties.
Note: For more details on the declaration of this type of variable and the use of WLanguage properties, see Declaring a variable.
New in version 2025
Android Widget This type of variable is now available in Android widget mode.
Android This type of variable is now available for Android applications.
Example
OpenIDParams is OpenIDParameters
OpenIDParams.ConfigurationURL = "https://accounts.google.com/.well-known/OpenID-configuration"
OpenIDParams.ClientID = "1060349503186-pc7ahme???????7gk59q.apps.googleusercontent.com" 
OpenIDParams.ClientSecret = "oBTQL52?????y9-76MpiM"
OpenIDParams.RedirectionURL = "http://localhost:9846"

MyToken is AuthToken = AuthIdentify(OpenIDParams)
IF ErrorOccurred THEN
	Error(ErrorInfo())
	RETURN
END
MyIdentity is OpenIDIdentity = OpenIDReadIdentity(MyToken)
IF MyIdentity.Valid THEN
	Trace(MyIdentity.Email)
	Trace(MyIdentity.LastName)
	Trace(MyIdentity.FirstName)
END
Properties

Properties specific to OpenIDParameters variables

The following properties can be used to handle the parameters of an OpenID authentication:
Property nameType usedEffect
New in SaaS
ClientCertificate
Character string or BufferCorresponds to:
  • a string containing a path to the ".p12" file containing the certificate to be attached to the request. The certificate will be automatically loaded taking into account:
    • the certificate in the executable library (if it has been integrated into the application),
    • the certificate at the specified location on disk (if the certificate has not been integrated into the executable library).
  • a buffer with the certificate (fLoadBuffer).
If this property is set to an empty string (""), the default certificate is reset to "<None>".
AndroidAndroid Widget This property is not available.
Please note: This property is only available from version 2025 Update 1.
New in SaaS
ClientCertificatePassword
Character string or Secret stringPassword associated with the client certificate (empty string by default)
New in version 2025
Secret strings: If you use the secret string vault, the type of secret string used for this parameter must be "Ansi or Unicode string".
To learn more about secret strings and how to use the vault, see Secret string vault.
AndroidAndroid Widget This property is not available.
Please note: This property is only available from version 2025 Update 1.
ClientIDCharacter stringApplication identifier.
ClientSecretCharacter string or Secret stringSecret application identifier.
New in version 2025
Secret strings: If you use the secret string vault, the type of secret string used for this parameter must be "Ansi or Unicode string".
To learn more about secret strings and how to use the vault, see Secret string vault.
ConfigurationURLCharacter stringOpenID service description URL (see Remarks). In general, providers who offer OpenID make this URL available. It has the following format:
https://<Domain>/.well-known/OpenID-configuration
Some examples of URLs:
https://login.windows.net/contoso.onmicrosoft.com/
.well-known/OpenID-configuration
https://accounts.google.com/.well-known/openid-configuration
https://login.salesforce.com/.well-known/openid-configuration
https://login.yahoo.com/.well-known/openid-configuration
https://login.microsoftonline.com/contoso.onmicrosoft.com/
.well-known/openid-configuration
GrantTypeConstantGrant type available. The possible values are:
  • taApplicationCliente: Authentication without login window. The access authorization is given to the application (not to the user). The token provided to access the resources of the application is linked to the application itself.
  • taCodeAuthorization (Default value): Connection authorization is given to the user. A login window appears to let users enter their username and password. The access token is linked to the user.
  • New in version 2025
    taPassword silent user authentication. Connection authorization is given to the user specified in the UserName property property (the associated password is specified via the Password). The token obtained is linked to the user.
New in SaaS
Option
Integer constantAuthentication options:
  • authDefault Default authentication.
  • authPKCE: Authentication via the PKCE (Proof Key for Code Exchange) protocol.
  • authClientSecretBasic Authentication using Base64-encoded "ClientID" and "ClientSecret" in the HTTP request header. Requires a secure connection.
Note: The PKCE protocol provides additional security to OAuth authentication. In some cases, although PKCE is used, it may be necessary to specify the secret key (ClientSecret property). We advise you to check the information expected by the platform used.
Note: This property is only available from WINDEV Suite SaaS 2025 Update 1. For more details, see Using new features exclusive to WINDEV 2025 SaaS.
New in version 2025
Password
Character string or Secret stringPassword associated with the user.
This property is only used if the TypeAuthorization property corresponds to the constant taPassword.
New in version 2025
Secret strings: If you use the secret string vault, the type of secret string used for this parameter must be "Ansi or Unicode string".
To learn more about secret strings and how to use the vault, see Secret string vault.
RedirectionURLCharacter stringURL used to redirect the result.
ScopeCharacter stringRequested permissions. The possible values are specific to the web service used.
New in version 2025
UserName
Character stringUser name.
This property is only used if the TypeAuthorization property corresponds to the constant taPassword.
Remarks

ConfigurationURL property

The ConfigurationURL property corresponds to a URL that contains the description of the OpenID service. This description has the following format (for Google, for example)::
{
"issuer": "https://accounts.google.com",
"authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth",
"token_endpoint": "https://oauth2.googleapis.com/token",
"userinfo_endpoint": "https://www.googleapis.com/oauth2/v3/userinfo",
"revocation_endpoint": "https://oauth2.googleapis.com/revoke",
"jwks_uri": "https://www.googleapis.com/oauth2/v3/certs",
"response_types_supported": [
 "code",
 "token",
 "id_token",
 "code token",
 "code id_token",
 "token id_token",
 "code token id_token",
 "none"
],
"subject_types_supported": [
 "public"
],
"id_token_signing_alg_values_supported": [
 "RS256"
],
"scopes_supported": [
 "openid",
 "email",
 "profile"
],
"token_endpoint_auth_methods_supported": [
 "client_secret_post",
 "client_secret_basic"
],
"claims_supported": [
 "aud",
 "email",
 "email_verified",
 "exp",
 "family_name",
 "given_name",
 "iat",
 "iss",
 "local",
 "name",
 "picture",
 "sub"
],
"code_challenge_methods_supported": [
 "plain",
 "S256"
]
}
The necessary parts are as follows:
  • authorization_endpoint: authorization URL.
  • token_endpoint: URL for token recovery.
  • scopes_supported: List of information that can be retrieved.
New in SaaS

Authentication via "Client Secret Basic"

OpenIDParams is OpenIDParameters
OpenIDParams.ClientID = "1060349503186-pc7ahmeb6h6mc3jd19nlva26kt7gk59q.apps.googleusercontent.com"
OpenIDParams.ClientSecret = "oBTQL52JiT82Wmuy9-76MpiM"
OpenIDParams.ConfigurationURL = "https://accounts.google.com/.well-known/openid-configuration"
OpenIDParams.Option = authClientSecretBasic

token is AuthToken = AuthIdentify(OpenIDParams)
IF token..Valid THEN
	Info(token.ServerResponse)
END
Minimum version required
  • Version 24
This page is also available for…
Comments
Click [Add] to post a comment

Last update: 02/06/2025

Send a report | Local help