Setting up Argus to work with an external OpenID Provider - Authorization Code Flow

Defining new OpenID Provider

To define a new OpenID provider, use the /authentication/v1/openid/provider endpoint:

curl -XPOST -H "Argus-API-Key: my/api/key" -H "Content-Type: application/json" https://api.mnemonic.no/authentication/v1/openid/provider -d '{
    "customer": "mycustomer",
    "shortName": "myprovider",
    "name": "My ADFS Provider",
    "clientID": "argusClient",
    "secret": "myClientSecret",
    "responseType": "code",
    "jwksURI": "https://my.provider/.well-known/jwks.json",
    "providerURI": "https://my.provider/oidc/authorize",
    "tokenURI": "https://my.provider/oidc/token",
    "issuer": "https://my.provider",
    "claimsMapping": {
        "userName": "user"
    }
}'

This setup is similar to the Implicit Flow above, with these differences:

  • You need to specify the tokenURI

  • You need to specify responseType: code

  • You need to provide a client secret, typically set when defining the Argus client in the ID provider. Argus uses this secret when it exchanges the authorization code at the token endpoint.
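
A pre-submission check for the three differences listed above, as an added example that is not part of the Argus documentation. The function name lint_provider, the rule that every field from the sample request is required, and the https-only rule are assumptions of this sketch.

```python
from urllib.parse import urlparse

# Fields set in the page's authorization-code example. Treating every one of
# them as required is an assumption of this sketch, not a documented Argus rule.
REQUIRED = ("customer", "shortName", "name", "clientID", "secret",
            "responseType", "jwksURI", "providerURI", "tokenURI", "issuer")
URI_FIELDS = ("jwksURI", "providerURI", "tokenURI", "issuer")


def lint_provider(cfg):
    """Return a list of problems in a code-flow provider definition."""
    problems = []
    for field in REQUIRED:
        value = cfg.get(field)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{field}: missing or empty")
    if cfg.get("responseType") not in (None, "", "code"):
        problems.append("responseType: must be 'code' for this flow")
    for field in URI_FIELDS:
        value = cfg.get(field)
        if not isinstance(value, str) or not value.strip():
            continue  # already reported by the loop above
        parsed = urlparse(value)
        # Plain http would let a network attacker swap signing keys or tokens.
        if parsed.scheme != "https" or not parsed.hostname:
            problems.append(f"{field}: must be an absolute https:// URI")
    mapping = cfg.get("claimsMapping")
    if not isinstance(mapping, dict) or not mapping.get("userName"):
        problems.append("claimsMapping.userName: no claim mapped")
    return problems


# The definition from the page, then a constructed broken variant of it.
GOOD = {
    "customer": "mycustomer", "shortName": "myprovider",
    "name": "My ADFS Provider", "clientID": "argusClient",
    "secret": "myClientSecret", "responseType": "code",
    "jwksURI": "https://my.provider/.well-known/jwks.json",
    "providerURI": "https://my.provider/oidc/authorize",
    "tokenURI": "https://my.provider/oidc/token",
    "issuer": "https://my.provider", "claimsMapping": {"userName": "user"},
}
BAD = dict(GOOD, responseType="id_token", secret="",
           jwksURI="http://my.provider/.well-known/jwks.json")
del BAD["tokenURI"]

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, lint_provider(cfg) or "ok")
```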