Integration using OpenID Connect#

Argus ID Provider supports OpenID clients. By using scope=openid the client can request an OIDC flow.

  • Adding the parameter scope to the authorization request makes the request into an OpenID request

  • Example:

The client can request additional scopes supported by Argus, to add more claims to the id token. Scopes should be listed as a space-delimited list of scope names:

  • Example plain text scopes: openid groups profile

  • Example URI-encoded scopes: openid%20groups%20profile

Valid scopes in Argus#


adds a claim groups which contains a JSON array of group shortnames:

"groups": [

adds a claim “groupstring” with a string-encoded JSON array of group shortnames (which is required by some OpenID clients)

"groupstring": "[\"mygroup1\",\"mygroup2\"]"

adds three claims with information about the domain and customer which the identified user is assigned to


this does not provide any information about permissions given to this user

"customer_id": 1,
"domain_id": 1,
"customer_shortname": "mycustomer",
"customer_name": "My Customer"

adds a claim email

"email": ""

adds claims for username, name and picture URI

"username": "myusername",
"name": "My Users Name",
"picture": ""

adds a claim “client_ip” which contains the IP which this user session is bound to (which may be used to verify that requests are indeed coming from this IP).


This is the IP as seen by Argus, so will not show a users private IP inside a NATed network or behind a proxy..

"client_ip": ""