Integration using OpenID Connect
Argus ID Provider supports OpenID clients. By using scope=openid the client can request an OIDC flow.
Adding the parameter scope to the authorization request makes the request into an OpenID request.
Example:
https://portal.mnemonic.no/spa/oauth/authorize?client_id=021269c5-04c3-4399-a206-32659c489803&redirect_uri=https://my.application/oauth/callback&response_type=code&scope=openid
The client can request additional scopes supported by Argus to add more claims to the ID token. Scopes should be listed as a space-delimited list of scope names:
Example plain text scopes:
openid groups profile
Example URI-encoded scopes:
openid%20groups%20profile
Valid scopes in Argus
groups
adds a claim groups which contains a JSON array of group shortnames:
"groups": [ "mygroup1", "mygroup2" ]
groupstring
adds a claim “groupstring” with a string-encoded JSON array of group shortnames (which is required by some OpenID clients)
"groupstring": "[\"mygroup1\",\"mygroup2\"]"
customer
adds three claims with information about the domain and customer which the identified user is assigned to
Note: This does not provide any information about permissions given to this user.
"customer_id": 1, "domain_id": 1, "customer_shortname": "mycustomer", "customer_name": "My Customer"
email
adds a claim email
"email": "user@domain.com"
profile
adds claims for username, name and picture URI
"username": "myusername", "name": "My Users Name", "picture": "https://api.mnemonic.no/users/v2/user/1000/picture"
clientip
adds a claim “client_ip” which contains the IP which this user session is bound to (which may be used to verify that requests are indeed coming from this IP).
Note: This is the IP as seen by Argus, so it will not show a user's private IP inside a NATed network or behind a proxy.
"client_ip": "94.127.56.1"