OpenIDParameters (Variable type)

ONLINE HELP
WINDEV, WEBDEV AND WINDEV MOBILE

Version:

Home | Sign in | English

Help / WLanguage / WLanguage functions / Communication / Managing the OAuth 2.0 protocol

Properties specific to OpenIDParameters variables
ConfigurationURL property
"Client Secret Basic" authentication: Example

WINDEV

WEBDEV

WINDEV Mobile

Others

See also

OpenIDParameters (Variable type)

In french: OpenIDParamètres

The type OpenIDParameters is used to define all the advanced features of an authentication for OpenID. You can define and change the characteristics of this authentication for OpenID using different WLanguage properties.

Note: For more details on the declaration of this type of variable and the use of WLanguage properties, see Declaring a variable.

Example

OpenIDParams is OpenIDParameters
OpenIDParams.ConfigurationURL = "https://accounts.google.com/.well-known/OpenID-configuration"
OpenIDParams.ClientID = "1060349503186-pc7ahme???????7gk59q.apps.googleusercontent.com" 
OpenIDParams.ClientSecret = "oBTQL52?????y9-76MpiM"
OpenIDParams.RedirectionURL = "http://localhost:9846"

MyToken is AuthToken = AuthIdentify(OpenIDParams)
IF ErrorOccurred THEN
	Error(ErrorInfo())
	RETURN
END
MyIdentity is OpenIDIdentity = OpenIDReadIdentity(MyToken)
IF MyIdentity.Valid THEN
	Trace(MyIdentity.Email)
	Trace(MyIdentity.LastName)
	Trace(MyIdentity.FirstName)
END

Properties

Properties specific to OpenIDParameters variables

The following properties can be used to handle the parameters of an OpenID authentication:

Property name	Type used	Effect

Subscription-exclusive new feature ClientCertificate	Character string or Buffer	Corresponds to: a string with a path to the ".p12" file that contains the certificate to be attached to the request. The certificate will be automatically loaded taking into account: the certificate in the executable library (if it has been integrated into the application), the certificate at the specified location on disk (if the certificate has not been integrated into the executable library). a buffer with the certificate (fLoadBuffer). If this property is set to an empty string (""), the default certificate is reset to "<None>". Note: This feature is only available in subscription-based versions, starting with WINDEV Suite 2025 - Update 1. For more details, see Using new features exclusive to the subscription-based version of WINDEV Suite 2025.
Subscription-exclusive new feature ClientCertificatePassword	Character string or Secret string	Password associated with the client certificate (empty string by default) New in version 2025 Secret strings: If you use the secret string vault, the type of secret string used for this parameter must be "ANSI or Unicode string". To learn more about secret strings and how to use the vault, see Secret string vault. Note: This feature is only available in subscription-based versions, starting with WINDEV Suite 2025 - Update 1. For more details, see Using new features exclusive to the subscription-based version of WINDEV Suite 2025.
ClientID	Character string	Application identifier.
ClientSecret	Character string or Secret string	Secret application identifier. New in version 2025 Secret strings: If you use the secret string vault, the type of secret string used for this parameter must be "ANSI or Unicode string". To learn more about secret strings and how to use the vault, see Secret string vault.
ConfigurationURL	Character string	OpenID service description URL (see Remarks). In general, providers who offer OpenID make this URL available. It has the following format: https://<Domain>/.well-known/OpenID-configuration Some examples of URLs: https://login.windows.net/contoso.onmicrosoft.com/ .well-known/OpenID-configuration https://accounts.google.com/.well-known/openid-configuration https://login.salesforce.com/.well-known/openid-configuration https://login.yahoo.com/.well-known/openid-configuration https://login.microsoftonline.com/contoso.onmicrosoft.com/ .well-known/openid-configuration
GrantType	Constant	Grant type available. The possible values are: gtClientCredentials: Authentication without login window. The access authorization is given to the application (not to the user). The token provided to access the resources of the application is linked to the application itself. gtAuthorizationCode (Default value): Access authorization is given to the user. A login window appears to let users enter their username and password. The access token is linked to the user. New in version 2025 gtPassword: Silent user authentication. Access authorization is given to the user specified in the Username property (the associated password is specified with the Password property). The obtained token is linked to the user.
Subscription-exclusive new feature Option	Integer constant	Authentication options: authDefault: Default authentication method. authPKCE: Authentication via PKCE (Proof Key for Code Exchange). authClientSecretBasic: Authentication mode for which the "ClientID" and "ClientSecret" are encoded using Base64 encoding in the HTTP header of the request. Requires a secure connection. Note: PKCE provides additional security compared to OAuth. In some cases, although PKCE is used, it may be necessary to specify the secret key (ClientSecret property). We advise you to check the information expected by the platform used. Note: This feature is only available in subscription-based versions, starting with WINDEV Suite 2025 - Update 1. For more details, see Using new features exclusive to the subscription-based version of WINDEV Suite 2025.
New in version 2025 Password	Character string or Secret string	Password associated with the user. This property is only used if the GrantType property is set to gtPassword. New in version 2025 Secret strings: If you use the secret string vault, the type of secret string used for this parameter must be "ANSI or Unicode string". To learn more about secret strings and how to use the vault, see Secret string vault.
RedirectionURL	Character string	URL used to redirect the result.
Scope	Character string	Requested permissions. The possible values are specific to the web service used.
New in version 2025 UserName	Character string	Username. This property is only used if the GrantType property is set to gtPassword.

Remarks

ConfigurationURL property

The ConfigurationURL property corresponds to a URL that contains the description of the OpenID service. This description has the following format (for Google, for example)::

{
"issuer": "https://accounts.google.com",
"authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth",
"token_endpoint": "https://oauth2.googleapis.com/token",
"userinfo_endpoint": "https://www.googleapis.com/oauth2/v3/userinfo",
"revocation_endpoint": "https://oauth2.googleapis.com/revoke",
"jwks_uri": "https://www.googleapis.com/oauth2/v3/certs",
"response_types_supported": [
"code",
"token",
"id_token",
"code token",
"code id_token",
"token id_token",
"code token id_token",
"none"
],
"subject_types_supported": [
"public"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"scopes_supported": [
"openid",
"email",
"profile"
],
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic"
],
"claims_supported": [
"aud",
"email",
"email_verified",
"exp",
"family_name",
"given_name",
"iat",
"iss",
"local",
"name",
"picture",
"sub"
],
"code_challenge_methods_supported": [
"plain",
"S256"
]
}

The necessary parts are as follows:

authorization_endpoint: Authorization URL.
token_endpoint: Token retrieval URL.
scopes_supported: Information that can be retrieved.

Subscription-exclusive new feature

"Client Secret Basic" authentication: Example

OpenIDParams is OpenIDParameters
OpenIDParams.ClientID = "1060349503186-pc7ahmeb6h6mc3jd19nlva26kt7gk59q.apps.googleusercontent.com"
OpenIDParams.ClientSecret = "oBTQL52JiT82Wmuy9-76MpiM"
OpenIDParams.ConfigurationURL = "https://accounts.google.com/.well-known/openid-configuration"
OpenIDParams.Option = authClientSecretBasic

token is AuthToken = AuthIdentify(OpenIDParams)
IF token.Valid THEN
	Info(token.ServerResponse)
END