Hi, i'm really new to Outsystems and currently looking into how to modify the end user login to connect to an identity server with OIDC. Can anyone point me to some resources on this? I saw there's a OIDC article but for the IT users. I also saw an OIDC client in the Forge but I can't seem to install it (it says I need to upgrade Outsystems UI, even though it's the latest version already). And I haven't found a documentation on how to use this application.
Also how can we ensure the logged in user is automatically created and has access to the application directly without manual process? What's the best practice for using claims based authentication in Outsystems? Do we need a logic that translate those claims to an Outsystems role?
Thanks
Hi @Adelia Benalius ,
Here is an implementation of the authentication flow using OpenId through OIDC Component, as well as the authorization token for REST APIs:
On the On Exception Action (Interface > UIFlows > Common > OnException ) use Public_OIDC/Get_Authorization_URL from OIDC (OIDC Client) module:
Where AppName = The name of the application configured on the OIDC Client Component
OriginalURL = is the link where you want the user to be redirected after the Login (you can choose the home screen or use GetBookmarkableURL() for a better user experience)
Replace the existing flow with the one displayed below:
Get_Authorization_URL.URL corresponds to the output URL built by the OIDC component to make a request for Authentication (based on the Authorization endpoint defined in your OIDC application):
Note: Auto User Provision is used if you want a user that was not been created yet in the OutSystems users database table to be created when accessing the application for the first time.
For the Logout flow:
On UserInfo block (Interface > UIFlows > Common > UserInfo) use Get_Logout_URL (defined on the OIDC component) and implement the same logic.
Bearer Token:
Use the AuthorizationHeader output variable from Get_AuthorizationToken action (OIDC Component) for your REST API calls (it will return a “Bearer XXXXXX” string to use directly).
hi joaoi do same configurations but output from Get_Authorization_URL is "?client_id=02615bc8-5de4-41f6-8c53-9b59db0a8123&redirect_uri=https%3a%2f%2foutsysdev.najmis.sa%2fOIDC%2frest%2fCallback%2fRedirect&response_type=code&scope=openid&nonce=efa4e4c9-a13d-4afb-b0ad-2c608e7c4746&response_mode=query&state=01K5B371KWCJMYKX4KN7M0G33T"no URL returned just parameters
Hi Adelia,
I see some screenshots available for helping you configure using the forge component OIDC Client. Try using those as a guideline and see if it works for you.
Regarding the Outsystems UI version warning, you can still do a Force Install. Don't worry it won't break anything.
Hi Ravi, I've installed the app and configured the OIDC setting. but my application still uses Outsystems default login. How can I connect the login to use the OIDC setting?
Hi João Ferreira,
Is there a document to show how to use this component in an end user application? Can this component support ES256, ES384 or ES512 for JWT header?
Thanks.
Jiang Ze
@Adelia Benalius I have the same question, but I read the document and your post, it is not very detailed, can you give me a detailed tutorial, thank you very much.