Open the OpenIDBridgeAPI module in Service Center and click on the Site Properties tab. First, set a value for ClientId and ClientSecret. You can think of them as a service account's username and password that ODC uses to identify itself to the OpenID Bridge Identity Provider.
ClientId - This can be any text string, such as "odc-dev-env" or just a UUID.
ClientSecret - Enter a strong password here.
Leave the Site Properties tab open as we need to revisit it shortly. Open another tab and browse to your ODC Portal and click on Manage - Identity providers.
Click Add provider - OpenID Connect.
Provider name - Choose a name for this identity provider, like OutSystems 11 Development.
Discovery endpoint - Use the URL: https://<Your O11 environment domain name>/OpenIDBridgeAPI/rest/Oauth/Discovery. After clicking on Get Details, the additional configuration details will appear on the right.
Client ID - Enter the Client ID you set in the Site Properties of the OpenIDBridgeAPI module in Service Studio.
Client secret (secret value) - Enter the Client secret you set in the Site Properties of the OpenIDBridgeAPI module in Service Studio.
PKCE - Select None.
Organization user email verification - Select Trust all user emails as verified.
Under Claim mapping:
Username - Set to preferred_username.
Leave all other settings as they are and click Save.
Next, click on Assign and link this Identity Provider configuration to applications in your development stage.
You will need a separate Identity Provider configuration for each of your stages.
Finally, click on the Redirect URLs tab and expand Apps in Development. Copy the value of the Login URL.
In the O11 Service Center, go to the Site Properties of the OpenIDBridgeAPI module and paste the Login URL value into the RedirectUri property.
Next steps
For automatically assigning roles to users in ODC, please read my article https://without.systems/odc-end-user-roles-management-pattern. Modify the CreateIdentityToken action to add your custom claims.
Create your own public/private key
This component ships with a default key pair that is used to sign the tokens. To create your own key pair, first install OpenSSL. Then run the following commands:
openssl genrsa -out private.pem 2048
openssl rsa -in private.pem -pubout -out public.pem
Next, convert public.pem to JWK format at https://pem2jwk.vercel.app/.
In the resources folder of the OpenIDBridgeAPI module, replace private.pem with your custom private key and public.jwk with the JWK conversion result.
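The conversion of public.pem to a JWK can also be done locally. The script below is an added example, not part of the OpenID Bridge component: it parses the PEM written by the openssl rsa -pubout command above using only the Python standard library and emits the kty, n and e members. The function names and the sample key are constructed for illustration, and it is an assumption that public.jwk needs no further members (this page does not say).

```python
import base64
import json
import sys

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

# Constructed toy key (n=3233, e=17) that only exercises the parser; not a usable key.
SAMPLE_PEM = "-----BEGIN PUBLIC KEY-----\n" + base64.b64encode(bytes.fromhex(
    "301b 300d 0609 2a864886f70d010101 0500 030a00 3007 02020ca1 020111"
)).decode() + "\n-----END PUBLIC KEY-----\n"

def _tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected DER tag 0x{tag:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + length], pos + length

def _b64url_uint(raw):
    """Base64url without padding over the minimal big-endian octets (RFC 7518, 6.3.1)."""
    value = int.from_bytes(raw, "big")  # drops the DER sign byte 0x00 if present
    octets = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    return base64.urlsafe_b64encode(octets).rstrip(b"=").decode()

def pem_to_jwk(pem):
    """Convert the SubjectPublicKeyInfo PEM from `openssl rsa -pubout` to a JWK dict."""
    lines = [line.strip() for line in pem.strip().splitlines()]
    if (len(lines) < 3 or lines[0] != "-----BEGIN PUBLIC KEY-----"
            or lines[-1] != "-----END PUBLIC KEY-----"):
        raise ValueError("expected a PUBLIC KEY PEM; refusing anything else, e.g. private.pem")
    spki, _ = _tlv(base64.b64decode("".join(lines[1:-1])), 0, 0x30)
    alg, pos = _tlv(spki, 0, 0x30)          # AlgorithmIdentifier
    oid, _ = _tlv(alg, 0, 0x06)
    if oid != RSA_OID:
        raise ValueError("not an RSA public key")
    bits, _ = _tlv(spki, pos, 0x03)         # BIT STRING wrapping RSAPublicKey
    rsa_key, _ = _tlv(bits[1:], 0, 0x30)    # first octet is the unused-bits count
    n, pos = _tlv(rsa_key, 0, 0x02)
    e, _ = _tlv(rsa_key, pos, 0x02)
    return {"kty": "RSA", "n": _b64url_uint(n), "e": _b64url_uint(e)}

if __name__ == "__main__":
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PEM
    print(json.dumps(pem_to_jwk(source), indent=2))
```

Pass the path to public.pem as the only argument and save the printed JSON as public.jwk; the script refuses a private key file, so private.pem never has to leave the machine it was generated on.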