OIDCAuth Extension

Introduction

The OIDCAuth Extension, together with the appway-oidcauth tool, enables integration with the OpenID Connect (OIDC) protocol. The appway-oidcauth tool is automatically installed in all cloud installations.

Script Functions

The OIDCAuth extension provides the following script functions:

  • Auth:GetAccessToken — Returns the access token for the currently authenticated user using the OpenID Connect protocol. Null is returned if the user is logged in through a different authentication method. Example: Auth:GetAccessToken()
  • Auth:GetAccessTokenWithClientCredentialsFlow — Returns an access token obtained using the client credentials flow. Parameters:

    • $providerName (String, Optional) — Name of the OpenID Connect provider configured in FNZ Studio (Configuration > OpenID Connect Providers). If null, the default provider is chosen. Example: 'Keycloak'
    • $scopes (String, Optional) — Optional, space-separated list of scopes. Example: offline_access profile
    • additionalParameters (String, Optional) — Named Collection of additional parameters. It is used by providers to address specific behavior.

    Example: Auth:GetAccessTokenWithClientCredentialsFlow('Keycloak', 'profile')

  • Auth:GetIdToken — Returns the ID token for the currently authenticated user using the OpenID Connect protocol. Null is returned if the user is logged in through a different authentication method. Example: Auth:GetIdToken()

  • Auth:GetRefreshToken — Returns the refresh token for the currently authenticated user using the OpenID Connect protocol. Null is returned if the user is logged in through a different authentication method. Example: Auth:GetRefreshToken()

Note: If the tokens returned by the Script Functions mentioned above are JWTs (JSON Web Tokens), the Auth:DecodeJwt($token) Script Function can be used to inspect their content. Example: Auth:DecodeJwt(Auth:GetAccessTokenWithClientCredentialsFlow('Keycloak', 'profile')).
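
What inspecting a JWT's content involves, as an added Python example (not FNZ Studio code and not the implementation of Auth:DecodeJwt): the header and payload are only base64url-decoded and no signature is checked, so the decoded claims are for inspection, not proof of authenticity. The sample token, helper names, issuer URL and the space-separated `scope` claim are constructed assumptions.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decode_jwt_unverified(token: str) -> dict:
    """Return header and claims of a compact JWT. Does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected 3 dot-separated segments")
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("segment is not base64url-encoded JSON") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("header and payload must be JSON objects")
    return {"header": header, "claims": claims}


def inspect_claims(claims: dict, wanted_scopes: str, now: float) -> dict:
    """Compare requested space-separated scopes with the 'scope' claim; check 'exp'."""
    granted = set(str(claims.get("scope", "")).split())
    missing = sorted(set(wanted_scopes.split()) - granted)
    exp = claims.get("exp")
    expired = isinstance(exp, (int, float)) and now >= exp
    return {"missing_scopes": missing, "expired": expired}


def make_sample_token(claims: dict) -> str:
    # Constructed sample: the third segment is a placeholder, not a real signature.
    header = {"alg": "RS256", "typ": "JWT"}
    body = ".".join(b64url_encode(json.dumps(p).encode()) for p in (header, claims))
    return body + "." + b64url_encode(b"placeholder-signature")


# Constructed token, as if 'offline_access profile' was requested but only 'profile' granted.
SAMPLE = make_sample_token(
    {"iss": "https://idp.example/realms/demo", "scope": "profile", "exp": 2000000000}
)
```

The sample decodes even though its signature segment is a placeholder, which is why a service that makes access decisions from a token must validate the signature, issuer, audience and expiry itself.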