Last update: November 27, 2024

OpenID Connect

OpenID Connect (OIDC) is a standardized authentication protocol built on the OAuth 2.0 framework. It enables clients to verify end-user identities through an authorization server and provides access to basic user profile information.

OIDC serves as a bridge to identity providers, offering a unified framework to connect applications with providers like Virto Commerce, Google, or Microsoft. These providers securely authenticate users and share identity details using OIDC protocols.

Key features

In the Virto Commerce Platform, OIDC provides:

  • Authentication: Ensures secure user authentication and authorization.
  • Single Sign-On (SSO): Allows users to log in once and gain access to multiple applications.
  • User information: Provides access to user profile information.
  • Interoperability: Works with various identity providers like Google, Microsoft, and others.
  • Security: Implements robust security measures to protect user data.


Use OIDC module for identity providers setup

Our OpenID module lets you use any one of the supported providers, several of them, or all of them at once. To start using the OpenID module:

  1. Download and install it.
  2. Configure the appsettings.json file.

The oidc node in the appsettings.json file defines the settings for OpenID Connect authentication in Virto Commerce. This configuration enables integration with OIDC providers, allowing users to authenticate via external identity systems:

| Node | Default value | Description |
|---|---|---|
| Enabled | false | Enables or disables the OIDC authentication. |
| AuthenticationType | "oidc" | A unique identifier for the authentication method. |
| AuthenticationCaption | "OpenID Connect" | A user-friendly name for the authentication method. |
| AllowCreateNewUser | true | Allows creating new users upon successful authentication. |
| DefaultUserType | "Manager" | Specifies the user type of newly created users. |
| DefaultUserRoles | [] | List of roles assigned to newly created users. |
| UserNameClaimType | "name" | Claim type used to retrieve the username. |
| EmailClaimType | "email" | Claim type used to retrieve the email address. |
| HasLoginForm | true | Displays a dedicated login form for this authentication method. |
| Priority | 1 | Specifies the sorting order of the authentication method. |
| LogoUrl | null | URL of the logo for the OpenID Connect authentication provider. |
| Authority | "https://localhost:5001" | Base URL of the OIDC provider (identity server). |
| ClientId | "your-client-id" | Client identifier issued by the OIDC provider. |
| ClientSecret | "your-client-secret" | Confidential client secret issued by the OIDC provider. |
| Scope | ["openid", "profile", "email"] | List of scopes requested from the OIDC provider. |
| ResponseMode | "form_post" | Determines how the authorization response is returned. |
| ResponseType | "id_token" | Specifies the type of response expected from the OIDC provider. |
| GetClaimsFromUserInfoEndpoint | false | Enables retrieval of additional claims from the user info endpoint. |
| CallbackPath | "/signin-oidc" | Path for redirection after successful authentication. |
| SignedOutCallbackPath | "/signout-callback-oidc" | Path for redirection after successful logout. |
appsettings.json (Google)

```json
"oidc": {
    "Enabled": true,
    "AuthenticationType": "google",
    "AuthenticationCaption": "Google",
    "Authority": "https://accounts.google.com",
    "ClientId": "your-client-id",
    "ClientSecret": "your-client-secret",
    "UserNameClaimType": "email"
}
```

Note

If you are using a single provider, you can omit the callback paths; the system will use the default values.

appsettings.json (Microsoft)

```json
"oidc": {
    "Enabled": true,
    "AuthenticationType": "microsoft",
    "AuthenticationCaption": "Microsoft",
    "Authority": "https://login.microsoftonline.com/your-tenant-id/v2.0",
    "ClientId": "your-application-id",
    "UserNameClaimType": "preferred_username"
}
```

appsettings.json (Virto Commerce)

```json
"oidc": {
    "Enabled": true,
    "AuthenticationType": "virto",
    "AuthenticationCaption": "Virto Commerce",
    "Authority": "https://localhost:5001",
    "ClientId": "your-client-id",
    "ClientSecret": "your-client-secret",
    "ResponseMode": "query",
    "ResponseType": "code",
    "GetClaimsFromUserInfoEndpoint": true
}
```

appsettings.json (multiple providers)

```json
"oidc": [
  {
    "Enabled": true,
    "AuthenticationType": "virto",
    "AuthenticationCaption": "Virto Commerce",
    "Authority": "https://localhost:5001",
    "ClientId": "your-client-id",
    "ClientSecret": "your-client-secret",
    "CallbackPath": "/signin-virto",
    "SignedOutCallbackPath": "/signout-virto"
  },
  {
    "Enabled": true,
    "AuthenticationType": "google",
    "AuthenticationCaption": "Google",
    "Authority": "https://accounts.google.com",
    "ClientId": "your-client-id",
    "ClientSecret": "your-client-secret",
    "UserNameClaimType": "email",
    "CallbackPath": "/signin-google",
    "SignedOutCallbackPath": "/signout-google"
  },
  {
    "Enabled": true,
    "AuthenticationType": "microsoft",
    "AuthenticationCaption": "Microsoft",
    "Authority": "https://login.microsoftonline.com/your-tenant-id/v2.0",
    "ClientId": "your-application-id",
    "UserNameClaimType": "preferred_username",
    "CallbackPath": "/signin-microsoft",
    "SignedOutCallbackPath": "/signout-microsoft"
  }
]
```

Note

If you use multiple providers, make sure each one has a unique AuthenticationType, CallbackPath and SignedOutCallbackPath.
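As an added example (not the Virto module's own code), a Python preflight check for the `oidc` node: it applies the defaults from the settings table above, accepts either the single-object or the array form, reports the type and callback-path collisions the note above warns about, and adds two settings-level checks (an `https` Authority, and no `id_token` returned via the `query` response mode). The `lint_oidc` and `lint_appsettings` names and the sample configuration are constructed for this example.

```python
import json
from urllib.parse import urlparse

# Defaults from the settings table above, applied here so that omitted keys
# are checked too (added example, not the Virto module's own code).
DEFAULTS = {
    "Enabled": False, "AuthenticationType": "oidc",
    "Authority": "https://localhost:5001", "ResponseMode": "form_post",
    "ResponseType": "id_token", "CallbackPath": "/signin-oidc",
    "SignedOutCallbackPath": "/signout-callback-oidc",
}
UNIQUE_KEYS = ("AuthenticationType", "CallbackPath", "SignedOutCallbackPath")

def lint_oidc(node):
    """Return a list of findings for an 'oidc' node (object or array)."""
    providers = node if isinstance(node, list) else [node]
    findings, seen = [], {}  # seen: (key, value) -> index of first owner
    for i, raw in enumerate(providers):
        p = {**DEFAULTS, **raw}
        name = p["AuthenticationType"]
        if not p["Enabled"]:
            continue
        # The client secret and tokens are exchanged with Authority: require TLS.
        if urlparse(p["Authority"]).scheme != "https":
            findings.append(f"{name}: Authority must use https")
        # OIDC forbids returning an id_token in the query string, where it
        # would land in browser history, Referer headers and server logs.
        if "id_token" in p["ResponseType"].split() and p["ResponseMode"] == "query":
            findings.append(f"{name}: id_token must not use ResponseMode 'query'")
        # Enabled providers must not share a type or callback path (see the
        # note above), or one provider's callback is handled by another.
        for key in UNIQUE_KEYS:
            owner = seen.setdefault((key, p[key]), i)
            if owner != i:
                findings.append(f"{name}: {key} '{p[key]}' already used by provider #{owner}")
    return findings

def lint_appsettings(text):
    """Parse an appsettings.json document and lint its 'oidc' node."""
    return lint_oidc(json.loads(text).get("oidc", {}))

# Constructed sample: both providers left on the default callback paths, and
# the second switched to ResponseMode "query" while keeping the default id_token.
SAMPLE = """{"oidc": [
  {"Enabled": true, "AuthenticationType": "google", "ClientId": "g-client",
   "Authority": "https://accounts.google.com"},
  {"Enabled": true, "AuthenticationType": "microsoft", "ClientId": "m-app",
   "Authority": "https://login.microsoftonline.com/tenant/v2.0",
   "ResponseMode": "query"}]}"""
```

Running `lint_appsettings(SAMPLE)` on the constructed sample reports the shared default callback paths and the `id_token`-over-`query` setting; the Virto example above, which pairs `"ResponseMode": "query"` with `"ResponseType": "code"`, passes clean.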

You can now use the registered identity provider.