|
|
|
|
|
- Properties specific to OpenIDParameters variables
- ConfigurationURL property
OpenIDParameters (Variable type) In french: OpenIDParamètres
The type OpenIDParameters is used to define all the advanced features of an authentication for OpenID. You can define and change the characteristics of this authentication for OpenID using different WLanguage properties. Note: For more details on the declaration of this type of variable and the use of WLanguage properties, see Declaring a variable. OpenIDParams is OpenIDParameters
OpenIDParams.ConfigurationURL = "https://accounts.google.com/.well-known/OpenID-configuration"
OpenIDParams.ClientID = "1060349503186-pc7ahme???????7gk59q.apps.googleusercontent.com"
OpenIDParams.ClientSecret = "oBTQL52?????y9-76MpiM"
OpenIDParams.RedirectionURL = "http://localhost:9846"
MyToken is AuthToken = AuthIdentify(OpenIDParams)
IF ErrorOccurred THEN
Error(ErrorInfo())
RETURN
END
MyIdentity is OpenIDIdentity = OpenIDReadIdentity(MyToken)
IF MyIdentity.Valid THEN
Trace(MyIdentity.Email)
Trace(MyIdentity.LastName)
Trace(MyIdentity.FirstName)
END
Properties Properties specific to OpenIDParameters variables The following properties can be used to handle the parameters of an OpenID authentication: | | | Property name | Type used | Effect |
---|
ClientID | Character string | Application identifier. | ClientSecret | Character string or Secret string | Secret application identifier.
New in version 2025Secret strings: If you use the secret string vault, the type of secret string used for this parameter must be "Ansi or Unicode string". To learn more about secret strings and how to use the vault, see Secret string vault. | ConfigurationURL | Character string | OpenID service description URL (see Remarks). In general, providers who offer OpenID make this URL available. It has the following format:
https://<Domain>/.well-known/OpenID-configuration Some examples of URLs: https://login.windows.net/contoso.onmicrosoft.com/ .well-known/OpenID-configuration https://accounts.google.com/.well-known/openid-configuration https://login.salesforce.com/.well-known/openid-configuration https://login.yahoo.com/.well-known/openid-configuration https://login.microsoftonline.com/contoso.onmicrosoft.com/ .well-known/openid-configuration | GrantType | Constant | Grant type available. The possible values are: - taApplicationCliente: Authentication without login window. The access authorization is given to the application (not to the user). The token provided to access the resources of the application is linked to the application itself.
- taCodeAuthorization (Default value): Connection authorization is given to the user. A login window appears to let users enter their username and password. The access token is linked to the user.
New in version 2025taPassword silent user authentication. Connection authorization is given to the user specified in the UserName property property (the associated password is specified via the Password). The token obtained is linked to the user.
| New in version 2025Password | Character string or Secret string | Password associated with the user. This property is only used if the TypeAuthorization property corresponds to the constant taPassword. New in version 2025Secret strings: If you use the secret string vault, the type of secret string used for this parameter must be "Ansi or Unicode string". To learn more about secret strings and how to use the vault, see Secret string vault. | RedirectionURL | Character string | URL used to redirect the result. | Scope | Character string | Requested permissions. The possible values are specific to the web service used. | New in version 2025UserName | Character string | User name. This property is only used if the TypeAuthorization property corresponds to the constant taPassword. |
Remarks ConfigurationURL property The ConfigurationURL property corresponds to a URL that contains the description of the OpenID service. This description has the following format (for Google, for example):: { "issuer": "https://accounts.google.com", "authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth", "token_endpoint": "https://oauth2.googleapis.com/token", "userinfo_endpoint": "https://www.googleapis.com/oauth2/v3/userinfo", "revocation_endpoint": "https://oauth2.googleapis.com/revoke", "jwks_uri": "https://www.googleapis.com/oauth2/v3/certs", "response_types_supported": [ "code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token", "none" ], "subject_types_supported": [ "public" ], "id_token_signing_alg_values_supported": [ "RS256" ], "scopes_supported": [ "openid", "email", "profile" ], "token_endpoint_auth_methods_supported": [ "client_secret_post", "client_secret_basic" ], "claims_supported": [ "aud", "email", "email_verified", "exp", "family_name", "given_name", "iat", "iss", "local", "name", "picture", "sub" ], "code_challenge_methods_supported": [ "plain", "S256" ] } The necessary parts are as follows: - authorization_endpoint: authorization URL.
- token_endpoint: URL for token recovery.
- scopes_supported: List of information that can be retrieved.
This page is also available for…
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|