Difference between revisions of "OpenID Connect"
(→Generating Credentials) |
|||
| (2 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
OpenID Connect is the standard for single sign-on and identity provisioning on the internet. It uses JSON-based identity tokens (JWT) via the OAuth 2.0 protocol. In order to perform single sign-on through OpenID using WHMCS as an authentication provider, applications must use details that your WHMCS installation generates. | OpenID Connect is the standard for single sign-on and identity provisioning on the internet. It uses JSON-based identity tokens (JWT) via the OAuth 2.0 protocol. In order to perform single sign-on through OpenID using WHMCS as an authentication provider, applications must use details that your WHMCS installation generates. | ||
| − | You can | + | You can access this feature at '''Configuration (<i class="fa fa-wrench" aria-hidden="true"></i>) > System Settings > OpenID Connect'''. |
<div class="docs-alert-success"> | <div class="docs-alert-success"> | ||
| Line 18: | Line 18: | ||
When the page reloads, the '''Client ID''' and '''Client Secret''' values will display in the '''Client API Credentials''' section. | When the page reloads, the '''Client ID''' and '''Client Secret''' values will display in the '''Client API Credentials''' section. | ||
| − | If you add or change any information after initially generating the credentials, make certain that you click '''Save Changes''' | + | If you add or change any information after initially generating the credentials, make certain that you click '''Save Changes'''. |
| − | + | ||
===Set the Authorized Redirect URIs=== | ===Set the Authorized Redirect URIs=== | ||
| Line 27: | Line 27: | ||
# Click '''Manage''' for your credentials. | # Click '''Manage''' for your credentials. | ||
| − | # | + | # Find the '''Authorized Redirect URIs''' section. |
# Make any desired changes. | # Make any desired changes. | ||
#* Click '''Remove''' to delete a URI. | #* Click '''Remove''' to delete a URI. | ||
Latest revision as of 20:45, 26 April 2022
OpenID Connect is the standard for single sign-on and identity provisioning on the internet. It uses JSON-based identity tokens (JWT) via the OAuth 2.0 protocol. In order to perform single sign-on through OpenID using WHMCS as an authentication provider, applications must use details that your WHMCS installation generates.
You can access this feature at Configuration () > System Settings > OpenID Connect.
More Information
- For more information on single sign-on using OpenID and a guide to setting this up with cPanel & WHM, see WHMCS OpenID and cPanel Setup Guide.
- For technical information on integrating WHMCS as an authentication provider for your application, see OpenID Connect Developer Guide.
Generating Credentials
To generate a new set of credentials:
- Click Generate New Client API Credentials.
- Enter a name, description, URL, and any authorized redirect URIs (see below).
- Click Generate Credentials.
When the page reloads, the Client ID and Client Secret values will display in the Client API Credentials section.
If you add or change any information after initially generating the credentials, make certain that you click Save Changes.
Set the Authorized Redirect URIs
WHMCS uses the redirect URI(s) that you add as a canonical list of approved redirect locations for the credentials. When a referring application makes a request, it must provide a redirect location. WHMCS will verify that that location is in the canonical list and will use it after the user has provided authentication and authorization.
To find the specified redirect URIs for your OAuth 2.0 credentials, follow these steps:
- Click Manage for your credentials.
- Find the Authorized Redirect URIs section.
- Make any desired changes.
- Click Remove to delete a URI.
- Click Add Another to add more URIs.
- When you have finished updating your URIs, click Save Changes.
Generate a New Client Secret
The client secret can be regenerated if, for example, you want to rotate it for security reasons.
To reset the client secret, follow these steps:
- Click Manage for your credentials.
- Click Reset Client Secret.
- Click OK.
The previous secret will immediately become invalid and the page will re-load displaying the new secret. Don't forget to set this new secret value at the referring application.