OpenID Connect

Mauro can use OpenID Connect (OIDC) to authenticate and authorise users.

Firstly, configure a provider that supports OpenID. E.g.

Once you create an application client with a provider, you will get a client secret and a client ID.

Once you have the client secret, the client ID, and the issuer URL, you can configure authentication by editing /opt/init/micronaut/application-mauro.yml and adding a section like this:

micronaut:
    security:
        oauth2:
            enabled: true
            clients:
                <<provider>>:
                    client-secret: <<your client secret>>
                    client-id: <<your client id>>
                    openid:
                        issuer: <<provider's issuer URL>>
                        authorization:
                            prompt: login

This configures Micronaut to produce an authorisation endpoint. Then add another section like this:

mauro:
    oauths:
        -   app-label: <<Your button label>>
            oauth-provider: <<provider>>
            create-user: true
            require-verified-email: false

This configures Mauro to surface a login button called <<Your button label>> on the user interface, using the <<provider>> authentication.

For example, if you were to call your <<provider>> microsoft-azure, the configuration would look similar to this:

micronaut:
    security:
        oauth2:
            enabled: true
            clients:
                microsoft-azure:
                    client-secret: <<your client secret>>
                    client-id: <<your client id>>
                    openid:
                        issuer: https://login.microsoftonline.com/<<some_uuid>>/v2.0
                        authorization:
                            prompt: login
mauro:
    oauths:
        -   app-label: Microsoft Azure
            oauth-provider: microsoft-azure
            create-user: true
            require-verified-email: false
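
Before putting an issuer URL into the configuration above, it can be checked against the provider's OIDC discovery document. The script below is an added example, not part of Mauro or Micronaut; the host `idp.example.test`, the sample metadata and the function names are constructed for illustration, and it assumes the authorization code flow.

```python
import json
import sys
import urllib.request
from urllib.parse import urlsplit

# Endpoints the authorization code flow needs (assumed flow for this check).
REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

# Constructed sample metadata for a hypothetical provider; not real provider output.
SAMPLE_ISSUER = "https://idp.example.test/tenant-1/v2.0"
SAMPLE_METADATA = {
    "issuer": SAMPLE_ISSUER,
    "authorization_endpoint": "https://idp.example.test/tenant-1/oauth2/v2.0/authorize",
    "token_endpoint": "https://idp.example.test/tenant-1/oauth2/v2.0/token",
    "jwks_uri": "https://idp.example.test/tenant-1/discovery/v2.0/keys",
}


def discovery_url(issuer):
    """OIDC Discovery: strip a trailing '/' and append the well-known path."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def check_metadata(configured_issuer, metadata):
    """Return a list of problems; an empty list means the issuer value is consistent."""
    problems = []
    if urlsplit(configured_issuer).scheme != "https":
        problems.append("configured issuer is not an https URL")
    # The metadata issuer must be character-for-character identical to the
    # configured one; a stray trailing slash counts as a mismatch.
    if metadata.get("issuer") != configured_issuer:
        problems.append(f"issuer mismatch: metadata has {metadata.get('issuer')!r}")
    for key in REQUIRED_ENDPOINTS:
        value = metadata.get(key)
        if not value:
            problems.append(f"metadata is missing {key}")
        elif urlsplit(value).scheme != "https":
            problems.append(f"{key} is not an https URL")
    return problems


def fetch_and_check(issuer, timeout=10):
    """Fetch the provider's discovery document and run the checks on it."""
    with urllib.request.urlopen(discovery_url(issuer), timeout=timeout) as resp:
        return check_metadata(issuer, json.load(resp))


if __name__ == "__main__":
    issues = fetch_and_check(sys.argv[1]) if len(sys.argv) > 1 else check_metadata(SAMPLE_ISSUER, SAMPLE_METADATA)
    print("\n".join(issues) or "issuer metadata looks consistent")
```

Run it with the issuer URL as the only argument to check a live provider; with no argument it checks the embedded sample.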

Proxies

If the container is being proxied, please follow the Proxy instructions so that the authentication process works.