Skip to main content

OpenID Connect authentication event examples

The examples in this topic support the explanations in OpenID Connect relying party (developer) configuration. Following are examples of various steps required to configure OpenID Connect as the authentication method for your product. These examples are referenced in the topic.

Example A—SUBSCRIPTION ORDER event

{  
"type": "SUBSCRIPTION_ORDER",
"marketplace": {
   "partner": "APPDIRECT",
   "baseUrl": "https://marketplace.exampletelco.com_",
 },
 "links": [
   {
     "rel": "oidcClient",
     "href": "https://marketplace.exampletelco.com/api/developer/v2/applications/3448/oidc",
   }
 ]
}

Example B—OIDC provider metadata

{  
"issuer": "https://marketplace.exampletelco.com",
"authorization_endpoint": "https://marketplace.exampletelco.com/oauth2/authorize",
"token_endpoint": "https://marketplace.exampletelco.com/oauth2/token",
"userinfo_endpoint": "https://marketplace.exampletelco.com/oauth2/userinfo",
"jwks_uri": "https://marketplace.exampletelco.com/oauth2/certs",
"response_types_supported": [
"code",
 ],
"subject_types_supported": [
 "public"
],
"id_token_signing_alg_values_supported": [
 "RS256"
],
"scopes_supported": [
 "openid",
 "email",
 "profile"
],
"token_endpoint_auth_methods_supported": [
 "client_secret_basic"
],
"claims_supported": [
 "sub",
 "name",
 "family_name",
 "given_name",
 "email",
 "email_verified",
 "iss",
 "aud",
 "exp",
 "iat"
]
}

Example C—Signature verification certificates

{  
"keys": [
 {
  "kty": "RSA",
  "alg": "RS256",
  "use": "sig",
  "kid": "431d667906c74df5cf5b48cefb5fb8acf7b2fc9b",
  "n": "wb36GVTnynuL6w_p9JM1jTqYWyeFcKMfiZmgdgXX_xMX5jermDeg9pabYpiv2JdMiHaX57qRydjx5C-zSVXnyKV-_TZ0HwA28-zGHWe9p8MqriO43qz9mp4uV8j5sNhWXzlzH72Z4CELl5-C4NdZcXhNmf_c9OBwhVn6a-qw0DtlHdVjlc71fex21HGimG1pybIFCrv_s5M6DARAukWO-WGEaiNvifBrP9-XvejSB9gzLmb0SJ74PnL8xxQz-C2ZTR-pnemRdB294IPIMJMsV0hCA0VQpQ3EWpiGNhq1Qim6n-8gCQp6ahNUQE9chxzWhXQAs_qA-cRAC0_YySWiZw",
  "e": "AQAB"
 },
 {
  "kty": "RSA",
  "alg": "RS256",
  "use": "sig",
  "kid": "1ee4d9e7dcfef215d133c7ed7ac87c95f8d8e712",
  "n": "yl43JvU6o_HlE6npH4-h0GQt4Sf7p7OOymPdNfpISFprg3s6xVEGV5sOw9xU-FWx9pd9u7HabSY286Pv4pLsnuKy3F-M52RtPCV1B11pxn01DSI9C17QKO7XAAOHWED9pj43pHirGHz_eDkpfLAck7wof5Qi0eKQT2_B70WYCF3Yis_V8WI8zgcJo9qIh4bbZUGVkiLXDoNbgr6KkulE4qrRNErSzgLXQlPm3623tudeoP1U8umfbWdnWmtTS8UO-lhgkJc5HT45HJwXFiSyKFTOX7nB1Ou99ZHCngL-KGn5xmLKExAZiV57BkRTTcYo-9qg1SKNivnKWwUb6crHpw",
  "e": "AQAB"
 },
 {
  "kty": "RSA",
  "alg": "RS256",
  "use": "sig",
  "kid": "308f248756b5f6ee4dd4c5d80b55850997ffde7f",
  "n": "5I-4yApxPzlxsPdO3x5o671FvxjjDUNHQrK88vvLTUcxrPU3sGy13hy4Rca4d-MVcYl_Lo-M2SqKsQVHEIPPE-YFzUUjScM1_XZaOCxapbPBS0iwnF0VhwB1m8DOCJmgmbeWX9KjiFm8nHMmZ5CzRb_ksYk7RgHEXZ-36g9d0bU5pDBxfV2XAVqsL4bBOVhJuh_iw3giceohmIWDEESGNn9zEdxWAAPCFMJEAyrmMIyNVVoGussShp8R0MVwozfK0KyP4sWtcYZqvGSwuBn4gEahTWILnwfclh9YGG2wrjVP7N8BUzlVOIA3CRYx5VEH-x0iN_BDV-wXajowJcq0XQ",
  "e": "AQAB"
 }
]
}

Example D—OIDC client configuration

{  
 "oidc_client": {
   "client_id": "s6BhdRkqt3",
   "client_secret": "cf136dc3c1fc93f31185e5885805d",
   "application_type": "web",
   "integration_type": "per_marketplace",
   "grant_types": ["authorization_code", "refresh_token"]
   "response_types": ["code"],
   "allowed_scopes": ["openid", "email", "profile"],
   "redirect_uris": [
       "https://www.isv.com/callback"
   ],
    "initiate_login_uri": "https://client.example.com/oidc/login",
    "client_secret_expires_at": 0,
    "client_id_issued_at": "1577858400",
    "token_endpoint_auth_method": "client_secret_basic"
 }
}

Example E—Token response

 {  
  "access_token": "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJzdXBlcnVzZXIrMUBhcHBkaXJlY3QuY29tIiwiYXVkIjpbIm9wZW5pZCIsImFjY291bnQiLCJiaWxsaW5nIiwiYXR0IiwibzM2NSIsIm1hcmtldHBsYWNlIiwiY2hhbm5lbCIsImhvc3RlZGNoZWNrb3V0IiwiaW50ZWdyYXRpb24iLCJyZXBvcnRpbmciLCJub3RpZmljYXRpb24iLCJQUk0iXSwiZXhwIjoxNDk4NjM3OTA4LCJqdGkiOiI0Y2FlMWY3Zi1lYzVjLTRlNzMtYWZlMC1mNGNkZmY1MTllYzAiLCJjbGllbnRfaWQiOiJsdHozWnI2R0VUIiwic2NvcGUiOlsiZW1haWwiLCJvcGVuaWQiLCJwcm9maWxlIl19.FGMCsVVd8Hswa_uHnKFFiD8rwl8WCVg7-KjLAdCRGHQ6oRdO4XLhyODO2uYGO2IXwz1gdX0QhRIDfXtyrxn4BF18yBR-R2sZ5DO7Eo7H8rWCJ5QF8u8bz5ToqW4L1y440FfBerauW77irwE68U-a7ZQerL5sKR5TzIFkqCOWUXAxX7J0XD--yJK0KVVFodbG0E0MtWzxEuq2Q2_kQHa-ioJ9CrmV6ayZ3vZSS_AaeE-cCjqu8mG1zPD6FPRxs4MXwE16Mgq-IlKpD5PrhTJ2cPCDDMWKTADKNUg77tKYJozgu4B3cM50Azw0euINevd7Hd6dw7s1fPyfKQaZvcZiLQ",
  "token_type": "bearer",
  "refresh_token": "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJzdXBlcnVzZXIrMUBhcHBkaXJlY3QuY29tIiwiYXVkIjpbIm9wZW5pZCIsImFjY291bnQiLCJiaWxsaW5nIiwiYXR0IiwibzM2NSIsIm1hcmtldHBsYWNlIiwiY2hhbm5lbCIsImhvc3RlZGNoZWNrb3V0IiwiaW50ZWdyYXRpb24iLCJyZXBvcnRpbmciLCJub3RpZmljYXRpb24iLCJQUk0iXSwianRpIjoiOWMwMDAxODctYzYwZC00MzQ5LTg2NzItYTM4OTUzYTE1OTE3IiwiY2xpZW50X2lkIjoibHR6M1pyNkdFVCIsInNjb3BlIjpbImVtYWlsIiwib3BlbmlkIiwicHJvZmlsZSJdfQ.pMxQg8D6I-5C3_shman69vvfu5RExkwVmYxHbHhqHsoI9IKnI3JwqFPxYgJpWWkgVl_cKcgvm0k_YSrFiJa9__VIdPSkIOGDplJ_EUONB9akpEouFPZw5dsw7CLexRL9OPRo-QXOhnYLy6lS5G2gbvSapLTlz-McFRrhPosaAf8JmT8gGzTAP4Jpds6o4usLNC2j3UHHZBDj1u7m3qMUGwaPrPzDSPvb5mLM-0ZKCaLAttmXHMUZS-QA5anTc84Wdl6oCRfwNG5Mgy6-jQCmu1iDBkZhE9IMIqz5w-9m15evimGbFLvBAK0ehTtD9wDpkEtWU7WXCY5VvONFI_i29Q",
  "expires_in": 3600,
  "scope": "openid email profile",
  "id_token": "eyJraWQiOiIwYzA1ZTc0My1mZDA4LTQzZmMtYWYxMC00NDBhNjE0ODIzOTEiLCJhbGciOiJSUzI1NiIsInR5cGUiOiJKV1QifQ.eyJhdWQiOiJ1SG0ydTI0TGxLIiwiaXNzIjoiaHR0cHM6Ly9pYW1wcm9kc2FuZGJveC5ieWFwcGRpcmVjdC5jb20iLCJzdWIiOiJjZTg1YTYxYS02N2Q5LTRjOGItYjE2OS0wYmQ3NWMxMDg4M2YiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiZW1haWwiOiJtYW5kZWVwLnNpbmdoK2lhbXByb2RAYXBwZGlyZWN0LmNvbSIsImdpdmVuX25hbWUiOiJNYW5kZWVwIiwiZmFtaWx5X25hbWUiOiJTaW5naCIsImxvY2FsZSI6ImVuLVVTIiwiY3VycmVudF9hY3RpdmVfY29tcGFueSI6IjYyZGZjMDRlLWMwODItNGY0ZC1hMDNiLWFlMDJkMDY5ZDNkNiIsImN1cnJlbnRfYWN0aXZlX2NvbXBhbnlfbmFtZSI6IklBTSBJbmMiLCJjb21wYW55X21lbWJlcnNoaXBzIjp7IjYyZGZjMDRlLWMwODItNGY0ZC1hMDNiLWFlMDJkMDY5ZDNkNiI6eyJyb2xlcyI6WyJST0xFX0JJTExJTkdfQURNSU4iLCJST0xFX0RFVkVMT1BFUiIsIlJPTEVfU1lTX0FETUlOIl19LCJlYTMyNjUwNi0xOWQ5LTQ2YjEtOWRkYy0wMWE4NThlY2IwZDEiOnsicm9sZXMiOlsiUk9MRV9CSUxMSU5HX0FETUlOIiwiUk9MRV9DSEFOTkVMX1NVUFBPUlQiLCJST0xFX0RFVkVMT1BFUiIsIlJPTEVfQ0hBTk5FTF9BRE1JTiIsIlJPTEVfQ0hBTk5FTF9QUk9EVUNUX1NVUFBPUlQiLCJST0xFX1NBTEVTX1NVUFBPUlQiLCJST0xFX1NZU19BRE1JTiJdfX0sImlhdCI6MTY2MDI2NzU2NSwiZXhwIjoxNjYwMjcxMTY1fQ.Wi0OLsJVCIYA-euEq3RD3MCqa-5UbdkW0s_mQqyULbqe7OOtbo5nqrx_5oINiHGhJLQhlyQyYN6AV31BgkSIWcKnjPbhY3q4OBbpDP81I8d3p5MrufsCkCxsHdt92scWJA4o1foxOSXDd_yy-XNY4hrG_hK4PodE8Um47OFILgeV7xXDtfDvvJrJWSn5vQw_VQqNJ39sJIU0V9e8x2afsu4OxwSZWkSn_ZZn5xMGZ_agP0qaM63sYOISoNvQHvOC4ERaIeYnDNhClIaHCSyWRo5pyK8sCNCexezanek1f5RwnrcWTNzvVAW4PL862Kp1M_RtHOInXjRNWJGg7ZQKsQ"
}

Was this page helpful?