OpenID Connect authentication event examples
The examples in this topic support the explanations in OpenID Connect relying party (developer) configuration. Following are examples of various steps required to configure OpenID Connect as the authentication method for your product. These examples are referenced in the topic.
Example A—SUBSCRIPTION ORDER event
{
"type": "SUBSCRIPTION_ORDER",
"marketplace": {
"partner": "APPDIRECT",
"baseUrl": "https://marketplace.exampletelco.com_",
},
"links": [
{
"rel": "oidcClient",
"href": "https://marketplace.exampletelco.com/api/developer/v2/applications/3448/oidc",
}
]
}
Example B—OIDC provider metadata
{
"issuer": "https://marketplace.exampletelco.com",
"authorization_endpoint": "https://marketplace.exampletelco.com/oauth2/authorize",
"token_endpoint": "https://marketplace.exampletelco.com/oauth2/token",
"userinfo_endpoint": "https://marketplace.exampletelco.com/oauth2/userinfo",
"jwks_uri": "https://marketplace.exampletelco.com/oauth2/certs",
"response_types_supported": [
"code",
],
"subject_types_supported": [
"public"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"scopes_supported": [
"openid",
"email",
"profile"
],
"token_endpoint_auth_methods_supported": [
"client_secret_basic"
],
"claims_supported": [
"sub",
"name",
"family_name",
"given_name",
"email",
"email_verified",
"iss",
"aud",
"exp",
"iat"
]
}
Example C—Signature verification certificates
{
"keys": [
{
"kty": "RSA",
"alg": "RS256",
"use": "sig",
"kid": "431d667906c74df5cf5b48cefb5fb8acf7b2fc9b",
"n": "wb36GVTnynuL6w_p9JM1jTqYWyeFcKMfiZmgdgXX_xMX5jermDeg9pabYpiv2JdMiHaX57qRydjx5C-zSVXnyKV-_TZ0HwA28-zGHWe9p8MqriO43qz9mp4uV8j5sNhWXzlzH72Z4CELl5-C4NdZcXhNmf_c9OBwhVn6a-qw0DtlHdVjlc71fex21HGimG1pybIFCrv_s5M6DARAukWO-WGEaiNvifBrP9-XvejSB9gzLmb0SJ74PnL8xxQz-C2ZTR-pnemRdB294IPIMJMsV0hCA0VQpQ3EWpiGNhq1Qim6n-8gCQp6ahNUQE9chxzWhXQAs_qA-cRAC0_YySWiZw",
"e": "AQAB"
},
{
"kty": "RSA",
"alg": "RS256",
"use": "sig",
"kid": "1ee4d9e7dcfef215d133c7ed7ac87c95f8d8e712",
"n": "yl43JvU6o_HlE6npH4-h0GQt4Sf7p7OOymPdNfpISFprg3s6xVEGV5sOw9xU-FWx9pd9u7HabSY286Pv4pLsnuKy3F-M52RtPCV1B11pxn01DSI9C17QKO7XAAOHWED9pj43pHirGHz_eDkpfLAck7wof5Qi0eKQT2_B70WYCF3Yis_V8WI8zgcJo9qIh4bbZUGVkiLXDoNbgr6KkulE4qrRNErSzgLXQlPm3623tudeoP1U8umfbWdnWmtTS8UO-lhgkJc5HT45HJwXFiSyKFTOX7nB1Ou99ZHCngL-KGn5xmLKExAZiV57BkRTTcYo-9qg1SKNivnKWwUb6crHpw",
"e": "AQAB"
},
{
"kty": "RSA",
"alg": "RS256",
"use": "sig",
"kid": "308f248756b5f6ee4dd4c5d80b55850997ffde7f",
"n": "5I-4yApxPzlxsPdO3x5o671FvxjjDUNHQrK88vvLTUcxrPU3sGy13hy4Rca4d-MVcYl_Lo-M2SqKsQVHEIPPE-YFzUUjScM1_XZaOCxapbPBS0iwnF0VhwB1m8DOCJmgmbeWX9KjiFm8nHMmZ5CzRb_ksYk7RgHEXZ-36g9d0bU5pDBxfV2XAVqsL4bBOVhJuh_iw3giceohmIWDEESGNn9zEdxWAAPCFMJEAyrmMIyNVVoGussShp8R0MVwozfK0KyP4sWtcYZqvGSwuBn4gEahTWILnwfclh9YGG2wrjVP7N8BUzlVOIA3CRYx5VEH-x0iN_BDV-wXajowJcq0XQ",
"e": "AQAB"
}
]
}
Example D—OIDC client configuration
{
"oidc_client": {
"client_id": "s6BhdRkqt3",
"client_secret": "cf136dc3c1fc93f31185e5885805d",
"application_type": "web",
"integration_type": "per_marketplace",
"grant_types": ["authorization_code", "refresh_token"]
"response_types": ["code"],
"allowed_scopes": ["openid", "email", "profile"],
"redirect_uris": [
"https://www.isv.com/callback"
],
"initiate_login_uri": "https://client.example.com/oidc/login",
"client_secret_expires_at": 0,
"client_id_issued_at": "1577858400",
"token_endpoint_auth_method": "client_secret_basic"
}
}
Example E—Token response
{
"access_token": "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJzdXBlcnVzZXIrMUBhcHBkaXJlY3QuY29tIiwiYXVkIjpbIm9wZW5pZCIsImFjY291bnQiLCJiaWxsaW5nIiwiYXR0IiwibzM2NSIsIm1hcmtldHBsYWNlIiwiY2hhbm5lbCIsImhvc3RlZGNoZWNrb3V0IiwiaW50ZWdyYXRpb24iLCJyZXBvcnRpbmciLCJub3RpZmljYXRpb24iLCJQUk0iXSwiZXhwIjoxNDk4NjM3OTA4LCJqdGkiOiI0Y2FlMWY3Zi1lYzVjLTRlNzMtYWZlMC1mNGNkZmY1MTllYzAiLCJjbGllbnRfaWQiOiJsdHozWnI2R0VUIiwic2NvcGUiOlsiZW1haWwiLCJvcGVuaWQiLCJwcm9maWxlIl19.FGMCsVVd8Hswa_uHnKFFiD8rwl8WCVg7-KjLAdCRGHQ6oRdO4XLhyODO2uYGO2IXwz1gdX0QhRIDfXtyrxn4BF18yBR-R2sZ5DO7Eo7H8rWCJ5QF8u8bz5ToqW4L1y440FfBerauW77irwE68U-a7ZQerL5sKR5TzIFkqCOWUXAxX7J0XD--yJK0KVVFodbG0E0MtWzxEuq2Q2_kQHa-ioJ9CrmV6ayZ3vZSS_AaeE-cCjqu8mG1zPD6FPRxs4MXwE16Mgq-IlKpD5PrhTJ2cPCDDMWKTADKNUg77tKYJozgu4B3cM50Azw0euINevd7Hd6dw7s1fPyfKQaZvcZiLQ",
"token_type": "bearer",
"refresh_token": "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJzdXBlcnVzZXIrMUBhcHBkaXJlY3QuY29tIiwiYXVkIjpbIm9wZW5pZCIsImFjY291bnQiLCJiaWxsaW5nIiwiYXR0IiwibzM2NSIsIm1hcmtldHBsYWNlIiwiY2hhbm5lbCIsImhvc3RlZGNoZWNrb3V0IiwiaW50ZWdyYXRpb24iLCJyZXBvcnRpbmciLCJub3RpZmljYXRpb24iLCJQUk0iXSwianRpIjoiOWMwMDAxODctYzYwZC00MzQ5LTg2NzItYTM4OTUzYTE1OTE3IiwiY2xpZW50X2lkIjoibHR6M1pyNkdFVCIsInNjb3BlIjpbImVtYWlsIiwib3BlbmlkIiwicHJvZmlsZSJdfQ.pMxQg8D6I-5C3_shman69vvfu5RExkwVmYxHbHhqHsoI9IKnI3JwqFPxYgJpWWkgVl_cKcgvm0k_YSrFiJa9__VIdPSkIOGDplJ_EUONB9akpEouFPZw5dsw7CLexRL9OPRo-QXOhnYLy6lS5G2gbvSapLTlz-McFRrhPosaAf8JmT8gGzTAP4Jpds6o4usLNC2j3UHHZBDj1u7m3qMUGwaPrPzDSPvb5mLM-0ZKCaLAttmXHMUZS-QA5anTc84Wdl6oCRfwNG5Mgy6-jQCmu1iDBkZhE9IMIqz5w-9m15evimGbFLvBAK0ehTtD9wDpkEtWU7WXCY5VvONFI_i29Q",
"expires_in": 3600,
"scope": "openid email profile",
"id_token": "eyJraWQiOiIwYzA1ZTc0My1mZDA4LTQzZmMtYWYxMC00NDBhNjE0ODIzOTEiLCJhbGciOiJSUzI1NiIsInR5cGUiOiJKV1QifQ.eyJhdWQiOiJ1SG0ydTI0TGxLIiwiaXNzIjoiaHR0cHM6Ly9pYW1wcm9kc2FuZGJveC5ieWFwcGRpcmVjdC5jb20iLCJzdWIiOiJjZTg1YTYxYS02N2Q5LTRjOGItYjE2OS0wYmQ3NWMxMDg4M2YiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiZW1haWwiOiJtYW5kZWVwLnNpbmdoK2lhbXByb2RAYXBwZGlyZWN0LmNvbSIsImdpdmVuX25hbWUiOiJNYW5kZWVwIiwiZmFtaWx5X25hbWUiOiJTaW5naCIsImxvY2FsZSI6ImVuLVVTIiwiY3VycmVudF9hY3RpdmVfY29tcGFueSI6IjYyZGZjMDRlLWMwODItNGY0ZC1hMDNiLWFlMDJkMDY5ZDNkNiIsImN1cnJlbnRfYWN0aXZlX2NvbXBhbnlfbmFtZSI6IklBTSBJbmMiLCJjb21wYW55X21lbWJlcnNoaXBzIjp7IjYyZGZjMDRlLWMwODItNGY0ZC1hMDNiLWFlMDJkMDY5ZDNkNiI6eyJyb2xlcyI6WyJST0xFX0JJTExJTkdfQURNSU4iLCJST0xFX0RFVkVMT1BFUiIsIlJPTEVfU1lTX0FETUlOIl19LCJlYTMyNjUwNi0xOWQ5LTQ2YjEtOWRkYy0wMWE4NThlY2IwZDEiOnsicm9sZXMiOlsiUk9MRV9CSUxMSU5HX0FETUlOIiwiUk9MRV9DSEFOTkVMX1NVUFBPUlQiLCJST0xFX0RFVkVMT1BFUiIsIlJPTEVfQ0hBTk5FTF9BRE1JTiIsIlJPTEVfQ0hBTk5FTF9QUk9EVUNUX1NVUFBPUlQiLCJST0xFX1NBTEVTX1NVUFBPUlQiLCJST0xFX1NZU19BRE1JTiJdfX0sImlhdCI6MTY2MDI2NzU2NSwiZXhwIjoxNjYwMjcxMTY1fQ.Wi0OLsJVCIYA-euEq3RD3MCqa-5UbdkW0s_mQqyULbqe7OOtbo5nqrx_5oINiHGhJLQhlyQyYN6AV31BgkSIWcKnjPbhY3q4OBbpDP81I8d3p5MrufsCkCxsHdt92scWJA4o1foxOSXDd_yy-XNY4hrG_hK4PodE8Um47OFILgeV7xXDtfDvvJrJWSn5vQw_VQqNJ39sJIU0V9e8x2afsu4OxwSZWkSn_ZZn5xMGZ_agP0qaM63sYOISoNvQHvOC4ERaIeYnDNhClIaHCSyWRo5pyK8sCNCexezanek1f5RwnrcWTNzvVAW4PL862Kp1M_RtHOInXjRNWJGg7ZQKsQ"
}
Was this page helpful?
Tell us more…
Help us improve our content. Responses are anonymous.
Thanks
We appreciate your feedback!