OpenID Connect Playground
One of the best ways to learn the OIDC flow is to see it in action. This is also an excellent resource to troubleshoot issues with OIDC integrations - it allows you to see the tokens flowing between the browser, the relying party, and the identity provider right in your browser. This tutorial leverages the OpenID Connect Playground debugging tool provided by Auth0 / Okta (they may be competition, but they have great resources for developers!)
The whole setup can be completed in under 10 minutes, and we think you will find it is well worth the time investment.
Part 1 - BlokSec Setup
Create the Application
- In BlokSec, Add Application -> Create Custom
- Select SSO Type "OpenID Connect"
- Enter a name (e.g., "OIDC Playground")
- Enter
https://openidconnect.net/callback
as the Redirect URI - Add any other configuration settings you would like to test such as Attributes
- Click Submit to save the application
Copy the Application ID and Secret
The Application ID and Secret will be used when configuring our OpenID Connect relying party - the playground app. In many OIDC settings these are referred to as the client ID and client secret respectively.
- Make note of the Application ID
- Click Generate App Secret and make note of the generated Application Secret
Register a Test Account
- In the application, from the 'gear' menu, select Create Account
- Create an account for yourself to test with
- The registration link will be sent to the Email provided
- You may choose any Account Name but we suggest using your email address for the account name as well (best practice)
- Complete the registration on your yuID mobile authenticator app
Part 2 - Using the Playground Tool
- Navigate to Auth0's OpenID Connect Playground
- Click Configuration and complete as follows:
Server Template: Custom
Discovery Document URL:https://api.bloksec.io/oidc/.well-known/openid-configuration
(*Click Use Discovery Document*)
OIDC Client ID:(Application ID from BlokSec)
OIDC Secret:(Application Secret from BlokSec)
Scope:openid profile email
> - Click the Start button to begin the OIDC flow
- You will be redirected to BlokSec - login with your test account
- Once login is successful, you will be redirected back to the OpenID Connect Playground with an authorization code
tip
Open your browser's Network tab under Developer Tools to see the HTTP requests and responses!
- Click Exchange to have the OpenID Connect Playground server send the authentication code to BlokSec in exchange for an
access_token
andid_token
- Click Next to begin the token verification process
- Click Verify to have the OpenID Connect Playground server verify the signature on the
id_token
and decode the payloadinfoYou can use this resource to check that any custom attributes are configured correctly by inspecting exactly what is being sent to a relying part during an OIDC exchange.