Implementing OpenID Connect in Empress

Introduction

In Empress, OpenID Connect plays a central role in user authentication. OpenID Connect is a widely used standard for authenticating users, and it is provided by the Empress framework on which Empress apps are built. This guide walks you through the technical aspects of this feature so that you can understand how it works and how it fits into your development and customization processes.

OpenID Connect: Technical Features and Advantages

The OpenID Connect feature in Empress returns an id_token alongside the access_token. To obtain it, pass openid as the value of the scope parameter in the authorization request.

When the scope is openid, the JSON response that carries the access_token also includes a JSON Web Token (id_token). This token is signed with HS256 using the Client Secret and, when decoded, contains an at_hash claim. The at_hash is derived from the access_token, so the client can confirm that the two tokens were issued together before trusting the identity claims.

Here is an example of a Bearer Token response with an openid scope:

{
  "token_type": "Bearer",
  "id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6Imp3dCJ9.eyJpc3MiOiJodHRwczovL21udGVjaG5pcXVlLmNvbSIsImF0X2hhc2giOiJOQlFXbExJUy1lQ1BXd1d4Y0EwaVpnIiwiYXVkIjoiYjg3NzJhZWQ1YyIsImV4cCI6MTQ3Nzk1NTYzMywic3ViIjoiNWFjNDE2NThkZjFiZTE1MjI4M2QxYTk0YjhmYzcwNDIifQ.1GRvhk5wNoR4GWoeQfleEDgtLS5nvj9nsO4xd8QE-Uk",
  "access_token": "ZJD04ldyyvjuAngjgBrgHwxcOig4vW",
  "scope": "openid",
  "expires_in": 3600,
  "refresh_token": "2pBTDTGhjzs2EWRkcNV1N67yw0nizS"
}

Empress Social Login Setup

Setting up the social login in Empress involves two servers, namely the Primary Server and Empress App Server. The Primary Server is where all the users are hosted, such as https://frappe.io. The Empress App Server is the client that connects to the Identity Provider (IDP).

Primary Server

To set up the Primary Server as the main server, navigate to Setup > Integrations > Social Login Keys and enter https://frappe.io in the Empress Server URL field.

Under this server, add as many OAuth Client(s) as required. If you’re setting up one app server, add only one OAuth Client.

Empress App Server

To set up the Empress App Server, navigate to Setup > Integrations > Social Login Keys on this server and add appropriate values to Empress Client ID and Empress Client Secret (refer to the client added on the Primary Server). Remember to keep https://frappe.io as the Empress Server URL.

Upon successful setup, you'll notice the Empress icon on the login page, which you can click to log in with an account created on the Primary Server (IDP) https://frappe.io.

Note: The Skip Authorization checkbox can be used to streamline the user experience for internal organization apps.

Guide Summary

In summary, the OpenID Connect feature in Empress offers a powerful and flexible way to authenticate users, enabling developers to effectively integrate user authentication into their software. By understanding and implementing this feature, developers can significantly enhance their ability to customize business solutions in Empress.

This guide has provided an in-depth exploration of OpenID Connect from a software development perspective, including critical aspects like API endpoints, data structures, and algorithmic logic. It has also discussed user roles and permissions within the system architecture and security considerations, providing a comprehensive understanding of the OpenID Connect feature in Empress.