{"componentChunkName":"component---src-pages-author-author-yaml-id-js","path":"/author/sanjay-velu/","result":{"data":{"allMarkdownRemark":{"edges":[{"node":{"id":"32b07f74-dd3b-56f0-9ee1-747c79c6fc23","html":"<p>First, let's understand:</p>\n<ul>\n<li>What is SSO, and why should you use it?</li>\n<li>What is OIDC, and why is it used for authentication?</li>\n<li>How can you leverage LoginRadius as an identity provider?</li>\n</ul>\n<p><strong>SSO stands for Single Sign-On</strong>. It's an authentication process that allows a user to access multiple applications or systems with one set of login credentials (username and password). Instead of requiring users to log in separately to each application, SSO enables them to log in once and gain access to all the connected systems without needing to re-enter their credentials.</p>\n<p><strong>OpenID Connect (OIDC)</strong> is a protocol that builds on OAuth 2.0 to ensure secure user authentication and authorization. It adds an identity layer to OAuth 2.0, allowing applications to confirm a user's identity and gather basic profile information. OIDC utilizes JSON Web Tokens (JWTs) for these functions, aligning with OAuth 2.0's token acquisition methods. 
This integration enables seamless user authentication across different platforms, supporting features like single sign-on, where users can access multiple applications with one set of credentials managed by an identity provider.</p>\n<h2 id=\"what-is-loginradius-ciam\" style=\"position:relative;\"><a href=\"#what-is-loginradius-ciam\" aria-label=\"what is loginradius ciam permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>What is LoginRadius CIAM?</h2>\n<p>LoginRadius is a high-performance, scalable identity and access management platform focused on customer-facing use cases. It offers comprehensive features and capabilities to help you implement user authentication and authorization and manage user data with built-in workflows and security controls. </p>\n<p>Along these lines, LoginRadius offers built-in support for OIDC and for using OIDC to implement SSO.</p>\n<p>First, you need to create an OIDC application in LoginRadius to tailor user claim fields effortlessly. You can fine-tune these customizable user claims through LoginRadius' user-friendly interface. Subsequently, you can seamlessly integrate these claims into the token, enabling streamlined extraction and utilization within the application ecosystem.</p>\n<p>In essence, LoginRadius facilitates the setup of OIDC applications and offers customization capabilities through its intuitive interface. 
This ensures efficient management of user claims, ultimately contributing to a more personalized and secure authentication experience.</p>\n<p>After setting up the OIDC app from the LoginRadius dashboard, you'll use the <a href=\"https://github.com/coreos/go-oidc\"><code>go-oidc</code> library</a> to set up the provider and configure the OIDC connection.</p>\n<h2 id=\"setting-up-oidc-application-in-loginradius\" style=\"position:relative;\"><a href=\"#setting-up-oidc-application-in-loginradius\" aria-label=\"setting up oidc application in loginradius permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Setting Up OIDC Application in LoginRadius</h2>\n<p>Go to <a href=\"https://adminconsole.loginradius.com/platform-configuration/access-configuration/federated-sso/openid-connect\">OIDC Application Configuration</a> and click the <strong>Add App</strong> button.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 768px; \"\n    >\n      <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 42.15384615384615%; position: relative; bottom: 0; left: 0; background-image: 
none; background-size: cover; display: block;\"\n  ></span>\n  <img\n        class=\"gatsby-resp-image-image\"\n        alt=\"OIDC App Configuration\"\n        title=\"OIDC App Configuration\"\n        src=\"/static/00116a4848c99cc03a6b816280de4dcd/212bf/OIDC-App.jpg\"\n        srcset=\"/static/00116a4848c99cc03a6b816280de4dcd/6aca1/OIDC-App.jpg 650w,\n/static/00116a4848c99cc03a6b816280de4dcd/212bf/OIDC-App.jpg 768w,\n/static/00116a4848c99cc03a6b816280de4dcd/e2c35/OIDC-App.jpg 2399w\"\n        sizes=\"(max-width: 768px) 100vw, 768px\"\n        style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n        loading=\"lazy\"\n      />\n    </span></p>\n<p>Enter the <strong>App name</strong> and click one of the following:</p>\n<p><strong>Native App</strong>, <strong>Single page App</strong> or <strong>Web App</strong> according to your application.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 768px; \"\n    >\n      <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 54.769230769230774%; position: relative; bottom: 0; left: 0; 
background-image: none; background-size: cover; display: block;\"\n  ></span>\n  <img\n        class=\"gatsby-resp-image-image\"\n        alt=\"OIDC App Setup\"\n        title=\"OIDC App Setup\"\n        src=\"/static/8a90565da5b70292e876657c74b5cf22/212bf/App-Setup.jpg\"\n        srcset=\"/static/8a90565da5b70292e876657c74b5cf22/6aca1/App-Setup.jpg 650w,\n/static/8a90565da5b70292e876657c74b5cf22/212bf/App-Setup.jpg 768w,\n/static/8a90565da5b70292e876657c74b5cf22/6f74a/App-Setup.jpg 2403w\"\n        sizes=\"(max-width: 768px) 100vw, 768px\"\n        style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n        loading=\"lazy\"\n      />\n    </span></p>\n<p>After clicking the <strong>Create</strong> button, you'll get the OIDC application configuration page. 
This page contains details like your application's <strong>Client ID</strong> and <strong>Client Secret</strong>, which are necessary for setting up the OIDC provider and configuration when you code in Golang.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 768px; \"\n    >\n      <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 53.84615384615385%; position: relative; bottom: 0; left: 0; background-image: none; background-size: cover; display: block;\"\n  ></span>\n  <img\n        class=\"gatsby-resp-image-image\"\n        alt=\"OIDC APP Credentials\"\n        title=\"OIDC APP Credentials\"\n        src=\"/static/1461fbca24c61616613333e417d8ef5a/212bf/App-Credentials.jpg\"\n        srcset=\"/static/1461fbca24c61616613333e417d8ef5a/6aca1/App-Credentials.jpg 650w,\n/static/1461fbca24c61616613333e417d8ef5a/212bf/App-Credentials.jpg 768w,\n/static/1461fbca24c61616613333e417d8ef5a/e752a/App-Credentials.jpg 2389w\"\n        sizes=\"(max-width: 768px) 100vw, 768px\"\n        style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n        loading=\"lazy\"\n      />\n    </span></p>\n<h4 id=\"upon-reaching-the-configuration-page-for-your-oidc-application-youll-encounter-a-variety-of-fields-ripe-for-customization\" style=\"position:relative;\"><a href=\"#upon-reaching-the-configuration-page-for-your-oidc-application-youll-encounter-a-variety-of-fields-ripe-for-customization\" aria-label=\"upon reaching the configuration page for your oidc application youll encounter a variety of fields ripe for customization permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 
0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Upon reaching the configuration page for your OIDC Application, you'll encounter a variety of fields ripe for customization:</h4>\n<ol>\n<li><strong>Algorithm</strong>: Presently, we offer support for <strong>rs256</strong>.</li>\n<li><strong>Grant Type</strong>: Options include authorization code, implicit, password creds, etc.</li>\n<li>You can tailor settings for <strong>Token Expiry</strong>, <strong>Refresh Token</strong>, and <strong>TTL</strong> to suit your needs.</li>\n<li><strong>Data Mapping</strong>: Define fields or properties to be included in the data response.</li>\n<li><strong>Metadata</strong>: Incorporate static, non-profile values into the data response.</li>\n<li>Define the Scope for Management API.</li>\n</ol>\n<p>This array of configurable options empowers you to fine-tune your OIDC Application according to your specific requirements.</p>\n<h2 id=\"whitelisting-the-domain-of-your-application\" style=\"position:relative;\"><a href=\"#whitelisting-the-domain-of-your-application\" aria-label=\"whitelisting the domain of your application permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Whitelisting the Domain of Your Application</h2>\n<p>To 
ensure seamless redirection of requests and successful callbacks to your endpoint, add your application's domain to the whitelist. This will authorize the redirection process and prevent failures when calling the callback endpoint.</p>\n<h4 id=\"to-access-web-apps-in-deployment-follow-these-steps\" style=\"position:relative;\"><a href=\"#to-access-web-apps-in-deployment-follow-these-steps\" aria-label=\"to access web apps in deployment follow these steps permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>To access Web Apps in Deployment, follow these steps:</h4>\n<ol>\n<li>Navigate to the Deployment section from the Dashboard.</li>\n<li>Once in Deployment, select the Apps tab.</li>\n<li>From there, choose Web Apps.</li>\n</ol>\n<h4 id=\"now-to-add-a-new-site\" style=\"position:relative;\"><a href=\"#now-to-add-a-new-site\" aria-label=\"now to add a new site permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Now, to add a new site:</h4>\n<ol>\n<li>Click on the <strong>Add New Site</strong> button.</li>\n<li>Enter the 
domain name of the website (example: \"<code>https://localhost:8080</code>\").</li>\n</ol>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 768px; \"\n    >\n      <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 42.15384615384615%; position: relative; bottom: 0; left: 0; background-image: none; background-size: cover; display: block;\"\n  ></span>\n  <img\n        class=\"gatsby-resp-image-image\"\n        alt=\"Whitelisting Domain Name\"\n        title=\"Whitelisting Domain Name\"\n        src=\"/static/831a186ed00cc5a79276211572734129/212bf/Whitelisting-Domain.jpg\"\n        srcset=\"/static/831a186ed00cc5a79276211572734129/6aca1/Whitelisting-Domain.jpg 650w,\n/static/831a186ed00cc5a79276211572734129/212bf/Whitelisting-Domain.jpg 768w,\n/static/831a186ed00cc5a79276211572734129/e2c35/Whitelisting-Domain.jpg 2399w\"\n        sizes=\"(max-width: 768px) 100vw, 768px\"\n        style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n        loading=\"lazy\"\n      />\n    </span></p>\n<h3 
id=\"whitelisting-domain-from-oidc-application-configuration\" style=\"position:relative;\"><a href=\"#whitelisting-domain-from-oidc-application-configuration\" aria-label=\"whitelisting domain from oidc application configuration permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Whitelisting Domain from OIDC Application Configuration</h3>\n<p>LoginRadius lets you uniquely identify the redirect URLs for individual OIDC applications:</p>\n<ul>\n<li>When setting the configuration of the OIDC Application, you can specify the redirect URL of your backend,\nand it will be whitelisted.</li>\n<li>The field name is <strong>Login Redirect URL</strong>.</li>\n</ul>\n<h2 id=\"setting-up-the-provider-object-and-the-oauthconfig-with-the-loginradius-oidc-app-credentials\" style=\"position:relative;\"><a href=\"#setting-up-the-provider-object-and-the-oauthconfig-with-the-loginradius-oidc-app-credentials\" aria-label=\"setting up the provider object and the oauthconfig with the loginradius oidc app credentials permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 
13 6z\"></path></svg></a>Setting Up the Provider Object and the OAuth2 Config with the LoginRadius OIDC App Credentials</h2>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"js\" data-index=\"0\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk12\">provider</span><span class=\"mtk1\">, err := </span><span class=\"mtk12\">oidc</span><span class=\"mtk1\">.</span><span class=\"mtk11\">NewProvider</span><span class=\"mtk1\">(</span><span class=\"mtk12\">ctx</span><span class=\"mtk1\">, </span><span class=\"mtk8\">&quot;https://api.loginradius.com/{oidcappname}&quot;</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk8\">if err != nil {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk8\">    // handle error</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk8\">}</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk8\">// Configure an OpenID Connect aware OAuth2 client.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk8\">oauth2Config := oauth2.Config{</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk8\">    ClientID:     &quot;your-oidc-clientID&quot;,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk8\">    ClientSecret: &quot;your-oidc-clientSecret&quot;,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk8\">    RedirectURL:  redirectURL,</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk8\">    // Discovery returns the OAuth2 endpoints.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk8\">    Endpoint: provider.Endpoint(),</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk8\">    // &quot;openid&quot; is a required scope for OpenID Connect flows.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk8\">    Scopes: []string{oidc.ScopeOpenID, &quot;profile&quot;, 
&quot;email&quot;},</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk8\">}</span></span></code></pre>\n<p>When setting up a new provider, you'll need to input the LoginRadius OIDC App URL, typically in this format: <code>https://{siteUrl}/service/oidc/{OidcAppName}</code></p>\n<p>To seamlessly integrate this with your Go backend, create two essential APIs for setting up and configuring <code>go-oidc</code>:</p>\n<ol>\n<li><strong>Login Endpoint</strong>: This endpoint initiates the authentication process and redirects to the callback endpoint with the authorization code.</li>\n<li><strong>Callback Endpoint</strong>: Here, the authorization code received from the login endpoint is exchanged for an access token. Additionally, this endpoint extracts user claims from the access token.</li>\n</ol>\n<p>By establishing these APIs, your Go backend efficiently handles the authentication flow, ensuring a smooth user experience while securely managing user identity and access.</p>\n<h2 id=\"handle-the-callback-hit\" style=\"position:relative;\"><a href=\"#handle-the-callback-hit\" aria-label=\"handle the callback hit permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Handle the Callback Hit</h2>\n<p>Handle the callback request, which exchanges the authorization code for the access token:</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"js\" data-index=\"1\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk4\">var</span><span class=\"mtk1\"> </span><span 
class=\"mtk12\">verifier</span><span class=\"mtk1\"> = </span><span class=\"mtk12\">provider</span><span class=\"mtk1\">.</span><span class=\"mtk11\">Verifier</span><span class=\"mtk1\">(&</span><span class=\"mtk12\">oidc</span><span class=\"mtk1\">.</span><span class=\"mtk12\">Config</span><span class=\"mtk1\">{</span><span class=\"mtk12\">ClientID:</span><span class=\"mtk1\"> </span><span class=\"mtk12\">clientID</span><span class=\"mtk1\">})</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk12\">func</span><span class=\"mtk1\"> </span><span class=\"mtk11\">handleOAuth2Callback</span><span class=\"mtk1\">(</span><span class=\"mtk12\">ctx</span><span class=\"mtk1\"> *</span><span class=\"mtk12\">gin</span><span class=\"mtk1\">.</span><span class=\"mtk12\">Context</span><span class=\"mtk1\">) {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk3\">// Verify state and errors.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    authCode := </span><span class=\"mtk12\">ctx</span><span class=\"mtk1\">.</span><span class=\"mtk11\">Query</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&quot;code&quot;</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk12\">oauth2Token</span><span class=\"mtk1\">, err := </span><span class=\"mtk12\">oauth2Config</span><span class=\"mtk1\">.</span><span class=\"mtk11\">Exchange</span><span class=\"mtk1\">(</span><span class=\"mtk12\">ctx</span><span class=\"mtk1\">, </span><span class=\"mtk12\">authCode</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk15\">if</span><span class=\"mtk1\"> </span><span class=\"mtk12\">err</span><span class=\"mtk1\"> != </span><span class=\"mtk12\">nil</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span 
class=\"mtk1\">        </span><span class=\"mtk3\">// handle error</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    }</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk3\">// Extract the ID Token from the OAuth2 token.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk12\">rawIDToken</span><span class=\"mtk1\">, ok := </span><span class=\"mtk12\">oauth2Token</span><span class=\"mtk1\">.</span><span class=\"mtk11\">Extra</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&quot;id_token&quot;</span><span class=\"mtk1\">).(</span><span class=\"mtk12\">string</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk15\">if</span><span class=\"mtk1\"> !</span><span class=\"mtk12\">ok</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk3\">// handle missing token</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    }</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk3\">// Parse and verify ID Token payload.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk12\">idToken</span><span class=\"mtk1\">, err := </span><span class=\"mtk12\">verifier</span><span class=\"mtk1\">.</span><span class=\"mtk11\">Verify</span><span class=\"mtk1\">(</span><span class=\"mtk12\">ctx</span><span class=\"mtk1\">, </span><span class=\"mtk12\">rawIDToken</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk15\">if</span><span class=\"mtk1\"> </span><span class=\"mtk12\">err</span><span class=\"mtk1\"> != </span><span class=\"mtk12\">nil</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span 
class=\"mtk1\">        </span><span class=\"mtk3\">// handle error</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    }</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk3\">// Extract custom claims</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk4\">var</span><span class=\"mtk1\"> </span><span class=\"mtk12\">claims</span><span class=\"mtk1\"> struct {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk12\">Email</span><span class=\"mtk1\">    </span><span class=\"mtk12\">string</span><span class=\"mtk1\"> </span><span class=\"mtk8\">`json:&quot;email&quot;`</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk12\">Verified</span><span class=\"mtk1\"> </span><span class=\"mtk12\">bool</span><span class=\"mtk1\">   </span><span class=\"mtk8\">`json:&quot;email_verified&quot;`</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    }</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk15\">if</span><span class=\"mtk1\"> err := </span><span class=\"mtk12\">idToken</span><span class=\"mtk1\">.</span><span class=\"mtk11\">Claims</span><span class=\"mtk1\">(&</span><span class=\"mtk12\">claims</span><span class=\"mtk1\">); </span><span class=\"mtk12\">err</span><span class=\"mtk1\"> != </span><span class=\"mtk12\">nil</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk3\">// handle error</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    }</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">}</span></span></code></pre>\n<p>For both endpoints, let's review a sample backend server with implementation in <a href=\"https://github.com/gin-gonic/gin\">Gin Golang</a>.</p>\n<h2 id=\"gin-golang-code\" 
style=\"position:relative;\"><a href=\"#gin-golang-code\" aria-label=\"gin golang code permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Gin Golang Code</h2>\n<p>For OIDC integration with the Go backend, you'll implement it using the <a href=\"https://github.com/coreos/go-oidc\">coreos/go-oidc</a> library (feel free to check it out). This library provides comprehensive support for OIDC, allowing you to easily verify tokens, extract user claims, and validate ID tokens. Its features ensure secure authentication and seamless integration with various OIDC providers.</p>\n<p>With the <code>go-oidc</code> library, you can efficiently implement OIDC authentication in the Go backend, guaranteeing users a smooth and secure authentication process.</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"bash\" data-index=\"2\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk1\">go get github.com/coreos/go-oidc/v3/oidc</span></span></code></pre>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"javascript\" data-index=\"3\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk15\">package</span><span class=\"mtk1\"> </span><span class=\"mtk12\">main</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk11\">import</span><span class=\"mtk1\"> (</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk8\">&quot;context&quot;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk8\">&quot;encoding/json&quot;</span></span>\n<span 
class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk8\">&quot;fmt&quot;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk8\">&quot;io&quot;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk8\">&quot;log&quot;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk8\">&quot;net/http&quot;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk8\">&quot;os&quot;</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk8\">&quot;github.com/coreos/go-oidc/v3/oidc&quot;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk8\">&quot;github.com/gin-gonic/gin&quot;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk8\">&quot;golang.org/x/oauth2&quot;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk3\">// Define global OAuth2 configuration and OIDC provider.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk4\">var</span><span class=\"mtk1\"> (</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk12\">oauthConfig</span><span class=\"mtk1\"> = &</span><span class=\"mtk12\">oauth2</span><span class=\"mtk1\">.</span><span class=\"mtk12\">Config</span><span class=\"mtk1\">{</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t\tClientID:     </span><span class=\"mtk8\">&quot;your-client-id&quot;</span><span class=\"mtk1\">, </span><span class=\"mtk3\">// Replace with your LoginRadius Client ID</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t\tRedirectURL:  </span><span class=\"mtk8\">&quot;http://localhost:8080/api/callback&quot;</span><span class=\"mtk1\">,</span></span>\n<span 
class=\"grvsc-line\"><span class=\"mtk1\">\t\tClientSecret: </span><span class=\"mtk8\">&quot;your-client-secret&quot;</span><span class=\"mtk1\">, </span><span class=\"mtk3\">// Replace with your LoginRadius Client Secret</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t\tScopes:       []</span><span class=\"mtk12\">string</span><span class=\"mtk1\">{</span><span class=\"mtk8\">&quot;user&quot;</span><span class=\"mtk1\">},</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t}</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk12\">globalProvider</span><span class=\"mtk1\">   *</span><span class=\"mtk12\">oidc</span><span class=\"mtk1\">.</span><span class=\"mtk12\">Provider</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk12\">globalOuthConfig</span><span class=\"mtk1\"> *</span><span class=\"mtk12\">oauth2</span><span class=\"mtk1\">.</span><span class=\"mtk12\">Config</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk3\">// Server struct holds interfaces like HTTP server, DBHelper, ServerProvider, MongoDB client, etc.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk4\">type</span><span class=\"mtk1\"> </span><span class=\"mtk10\">Server</span><span class=\"mtk1\"> struct {</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">}</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk3\">// InitializeOAuthConfig sets up the global OAuth2 configuration and OIDC provider.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk12\">func</span><span class=\"mtk1\"> </span><span class=\"mtk11\">InitializeOAuthConfig</span><span class=\"mtk1\">() {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk3\">// Create a new 
OIDC provider using the OAuth2 endpoint and OIDC provider URL.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk12\">provider</span><span class=\"mtk1\">, err := </span><span class=\"mtk12\">oidc</span><span class=\"mtk1\">.</span><span class=\"mtk11\">NewProvider</span><span class=\"mtk1\">(</span><span class=\"mtk12\">context</span><span class=\"mtk1\">.</span><span class=\"mtk11\">Background</span><span class=\"mtk1\">(), </span><span class=\"mtk8\">&quot;https://&lt;siteUrl&gt;/service/oidc/&lt;OidcAppName&gt;&quot;</span><span class=\"mtk1\">) </span><span class=\"mtk3\">// Replace with your OIDC Provider URL</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk15\">if</span><span class=\"mtk1\"> </span><span class=\"mtk12\">err</span><span class=\"mtk1\">!= </span><span class=\"mtk12\">nil</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t\t</span><span class=\"mtk12\">log</span><span class=\"mtk1\">.</span><span class=\"mtk11\">Fatalf</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&quot;Failed to create new provider: %v&quot;</span><span class=\"mtk1\">, </span><span class=\"mtk12\">err</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t}</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk12\">globalProvider</span><span class=\"mtk1\"> = </span><span class=\"mtk12\">provider</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk3\">// Set up the OAuth2 configuration with the client ID, secret, redirect URL, and scopes.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\toauth2Config := &</span><span class=\"mtk12\">oauth2</span><span class=\"mtk1\">.</span><span class=\"mtk12\">Config</span><span class=\"mtk1\">{</span></span>\n<span class=\"grvsc-line\"><span 
class=\"mtk1\">\t\tClientID:     </span><span class=\"mtk12\">oauthConfig</span><span class=\"mtk1\">.</span><span class=\"mtk12\">ClientID</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t\tClientSecret: </span><span class=\"mtk12\">oauthConfig</span><span class=\"mtk1\">.</span><span class=\"mtk12\">ClientSecret</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t\tRedirectURL:  </span><span class=\"mtk12\">oauthConfig</span><span class=\"mtk1\">.</span><span class=\"mtk12\">RedirectURL</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t\tEndpoint:     </span><span class=\"mtk12\">provider</span><span class=\"mtk1\">.</span><span class=\"mtk11\">Endpoint</span><span class=\"mtk1\">(),</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t\tScopes:       []</span><span class=\"mtk12\">string</span><span class=\"mtk1\">{</span><span class=\"mtk12\">oidc</span><span class=\"mtk1\">.</span><span class=\"mtk12\">ScopeOpenID</span><span class=\"mtk1\">, </span><span class=\"mtk8\">&quot;profile&quot;</span><span class=\"mtk1\">, </span><span class=\"mtk8\">&quot;email&quot;</span><span class=\"mtk1\">},</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t}</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk12\">globalOuthConfig</span><span class=\"mtk1\"> = </span><span class=\"mtk12\">oauth2Config</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">}</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk3\">// StartLoginProcess initiates the login process by redirecting the user to the OIDC provider.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk12\">func</span><span class=\"mtk1\"> </span><span class=\"mtk11\">StartLoginProcess</span><span class=\"mtk1\">(</span><span class=\"mtk12\">ctx</span><span class=\"mtk1\"> 
*</span><span class=\"mtk12\">gin</span><span class=\"mtk1\">.</span><span class=\"mtk12\">Context</span><span class=\"mtk1\">) {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk3\">// Generate the authorization URL for the OIDC provider.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk3\">// NOTE: the fixed &quot;state&quot; and the empty nonce are placeholders; use a random per-login value for each and check both in the callback.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\tauthURL := </span><span class=\"mtk12\">globalOuthConfig</span><span class=\"mtk1\">.</span><span class=\"mtk11\">AuthCodeURL</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&quot;state&quot;</span><span class=\"mtk1\">, </span><span class=\"mtk12\">oidc</span><span class=\"mtk1\">.</span><span class=\"mtk11\">Nonce</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&quot;&quot;</span><span class=\"mtk1\">))</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk3\">// Redirect the user to the OIDC provider for authentication.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk12\">http</span><span class=\"mtk1\">.</span><span class=\"mtk11\">Redirect</span><span class=\"mtk1\">(</span><span class=\"mtk12\">ctx</span><span class=\"mtk1\">.</span><span class=\"mtk12\">Writer</span><span class=\"mtk1\">, </span><span class=\"mtk12\">ctx</span><span class=\"mtk1\">.</span><span class=\"mtk12\">Request</span><span class=\"mtk1\">, </span><span class=\"mtk12\">authURL</span><span class=\"mtk1\">, </span><span class=\"mtk12\">http</span><span class=\"mtk1\">.</span><span class=\"mtk12\">StatusFound</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">}</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk3\">// HandleCallback processes the callback from the OIDC provider after the user has authenticated.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk12\">func</span><span class=\"mtk1\"> </span><span class=\"mtk11\">HandleCallback</span><span 
class=\"mtk1\">(</span><span class=\"mtk12\">ctx</span><span class=\"mtk1\"> *</span><span class=\"mtk12\">gin</span><span class=\"mtk1\">.</span><span class=\"mtk12\">Context</span><span class=\"mtk1\">) {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk3\">// Retrieve the authorization code from the query parameters.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\tcode := </span><span class=\"mtk12\">ctx</span><span class=\"mtk1\">.</span><span class=\"mtk11\">Query</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&quot;code&quot;</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk3\">// Exchange the authorization code for an access token.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk12\">oauth2Token</span><span class=\"mtk1\">, err := </span><span class=\"mtk12\">globalOuthConfig</span><span class=\"mtk1\">.</span><span class=\"mtk11\">Exchange</span><span class=\"mtk1\">(</span><span class=\"mtk12\">ctx</span><span class=\"mtk1\">, </span><span class=\"mtk12\">code</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk15\">if</span><span class=\"mtk1\"> </span><span class=\"mtk12\">err</span><span class=\"mtk1\">!= </span><span class=\"mtk12\">nil</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t\t</span><span class=\"mtk12\">log</span><span class=\"mtk1\">.</span><span class=\"mtk11\">Printf</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&quot;Error exchanging code for token: %v&quot;</span><span class=\"mtk1\">, </span><span class=\"mtk12\">err</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t\t</span><span class=\"mtk15\">return</span></span>\n<span class=\"grvsc-line\"><span 
class=\"mtk1\">\t}</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk3\">// Extract the ID token from the OAuth2 token.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk12\">rawIDToken</span><span class=\"mtk1\">, ok := </span><span class=\"mtk12\">oauth2Token</span><span class=\"mtk1\">.</span><span class=\"mtk11\">Extra</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&quot;id_token&quot;</span><span class=\"mtk1\">).(</span><span class=\"mtk12\">string</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk15\">if</span><span class=\"mtk1\">!</span><span class=\"mtk12\">ok</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t\t</span><span class=\"mtk12\">log</span><span class=\"mtk1\">.</span><span class=\"mtk11\">Println</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&quot;Missing ID token&quot;</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t\t</span><span class=\"mtk15\">return</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t}</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk3\">// Verify the ID token using the OIDC provider.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk4\">var</span><span class=\"mtk1\"> </span><span class=\"mtk12\">verifier</span><span class=\"mtk1\"> = </span><span class=\"mtk12\">globalProvider</span><span class=\"mtk1\">.</span><span class=\"mtk11\">Verifier</span><span class=\"mtk1\">(&</span><span class=\"mtk12\">oidc</span><span class=\"mtk1\">.</span><span class=\"mtk12\">Config</span><span class=\"mtk1\">{</span><span class=\"mtk12\">ClientID:</span><span class=\"mtk1\"> </span><span 
class=\"mtk12\">globalOuthConfig</span><span class=\"mtk1\">.</span><span class=\"mtk12\">ClientID</span><span class=\"mtk1\">})</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk12\">idToken</span><span class=\"mtk1\">, err := </span><span class=\"mtk12\">verifier</span><span class=\"mtk1\">.</span><span class=\"mtk11\">Verify</span><span class=\"mtk1\">(</span><span class=\"mtk12\">ctx</span><span class=\"mtk1\">, </span><span class=\"mtk12\">rawIDToken</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk15\">if</span><span class=\"mtk1\"> </span><span class=\"mtk12\">err</span><span class=\"mtk1\">!= </span><span class=\"mtk12\">nil</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t\t</span><span class=\"mtk12\">log</span><span class=\"mtk1\">.</span><span class=\"mtk11\">Printf</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&quot;Error verifying ID token: %v&quot;</span><span class=\"mtk1\">, </span><span class=\"mtk12\">err</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t\t</span><span class=\"mtk15\">return</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t}</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk3\">// Extract claims from the verified ID token.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk4\">var</span><span class=\"mtk1\"> </span><span class=\"mtk12\">claims</span><span class=\"mtk1\"> interface{}</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk15\">if</span><span class=\"mtk1\"> err := </span><span 
class=\"mtk12\">idToken</span><span class=\"mtk1\">.</span><span class=\"mtk11\">Claims</span><span class=\"mtk1\">(&</span><span class=\"mtk12\">claims</span><span class=\"mtk1\">); </span><span class=\"mtk12\">err</span><span class=\"mtk1\">!= </span><span class=\"mtk12\">nil</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t\t</span><span class=\"mtk12\">log</span><span class=\"mtk1\">.</span><span class=\"mtk11\">Printf</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&quot;Error extracting claims: %v&quot;</span><span class=\"mtk1\">, </span><span class=\"mtk12\">err</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t\t</span><span class=\"mtk15\">return</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t}</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk3\">// Respond with a success message.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk12\">ctx</span><span class=\"mtk1\">.</span><span class=\"mtk11\">JSON</span><span class=\"mtk1\">(</span><span class=\"mtk12\">http</span><span class=\"mtk1\">.</span><span class=\"mtk12\">StatusOK</span><span class=\"mtk1\">, </span><span class=\"mtk12\">gin</span><span class=\"mtk1\">.</span><span class=\"mtk12\">H</span><span class=\"mtk1\">{</span><span class=\"mtk8\">&quot;message&quot;</span><span class=\"mtk12\">:</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&quot;success&quot;</span><span class=\"mtk1\">})</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">}</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk3\">// InjectRoutes sets up the routes for the application, including login and callback endpoints.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk11\">func</span><span class=\"mtk1\"> (</span><span 
class=\"mtk12\">srv</span><span class=\"mtk1\"> *</span><span class=\"mtk10\">Server</span><span class=\"mtk1\">) </span><span class=\"mtk11\">InjectRoutes</span><span class=\"mtk1\">() *</span><span class=\"mtk12\">gin</span><span class=\"mtk1\">.</span><span class=\"mtk12\">Engine</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\trouter := </span><span class=\"mtk12\">gin</span><span class=\"mtk1\">.</span><span class=\"mtk11\">Default</span><span class=\"mtk1\">()</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\tapi := </span><span class=\"mtk12\">router</span><span class=\"mtk1\">.</span><span class=\"mtk11\">Group</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&quot;/api&quot;</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t{</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t\t</span><span class=\"mtk3\">// Define the login route that redirects users to the OIDC provider for authentication.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t\t</span><span class=\"mtk12\">api</span><span class=\"mtk1\">.</span><span class=\"mtk11\">GET</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&quot;/login&quot;</span><span class=\"mtk1\">, </span><span class=\"mtk12\">StartLoginProcess</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t\t</span><span class=\"mtk3\">// Define the callback route that handles the callback from the OIDC provider.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t\t</span><span class=\"mtk12\">api</span><span class=\"mtk1\">.</span><span class=\"mtk11\">GET</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&quot;/callback&quot;</span><span class=\"mtk1\">, </span><span class=\"mtk12\">HandleCallback</span><span class=\"mtk1\">)</span></span>\n<span class=\"grvsc-line\"><span 
class=\"mtk1\">\t}</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk15\">return</span><span class=\"mtk1\"> </span><span class=\"mtk12\">router</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">}</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk12\">func</span><span class=\"mtk1\"> </span><span class=\"mtk11\">main</span><span class=\"mtk1\">() {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk3\">// Initialize the OAuth2 configuration and OIDC provider.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk11\">InitializeOAuthConfig</span><span class=\"mtk1\">()</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk3\">// Create a new server instance.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\tserver := &</span><span class=\"mtk10\">Server</span><span class=\"mtk1\">{}</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk3\">// Inject routes into the Gin engine.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\trouter := </span><span class=\"mtk12\">server</span><span class=\"mtk1\">.</span><span class=\"mtk11\">InjectRoutes</span><span class=\"mtk1\">()</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk3\">// Start the HTTP server.</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">\t</span><span class=\"mtk12\">log</span><span class=\"mtk1\">.</span><span class=\"mtk11\">Fatal</span><span class=\"mtk1\">(</span><span class=\"mtk12\">http</span><span class=\"mtk1\">.</span><span class=\"mtk11\">ListenAndServe</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&quot;:8080&quot;</span><span class=\"mtk1\">, </span><span class=\"mtk12\">router</span><span class=\"mtk1\">))</span></span>\n<span 
class=\"grvsc-line\"><span class=\"mtk1\">}</span></span></code></pre>\n<p>The process described involves several key steps in setting up an OAuth2 flow with OpenID Connect (OIDC) for user authentication.</p>\n<p>Here's a brief overview of what was done in the code:</p>\n<h3 id=\"initialization-of-oidc-provider-and-oauth2-configuration\" style=\"position:relative;\"><a href=\"#initialization-of-oidc-provider-and-oauth2-configuration\" aria-label=\"initialization of oidc provider and oauth2 configuration permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Initialization of OIDC Provider and OAuth2 Configuration</h3>\n<ul>\n<li>The OIDC provider is initialized using the <code>oidc.NewProvider</code> function, which requires the OAuth2 endpoint and the OIDC provider's URL. This step is crucial for establishing a connection with the OIDC provider, enabling the application to authenticate users through the provider.</li>\n<li>The OAuth2 configuration (<code>oauthConfig</code>) is set up with essential details such as the client ID, client secret, redirect URL, and scopes. These credentials are specific to the OIDC application registered with the provider (e.g., LoginRadius). 
The redirect URL is where the provider will send the user after authentication, and the scopes define the permissions requested from the user.</li>\n</ul>\n<h3 id=\"setting-up-the-callback-endpoint\" style=\"position:relative;\"><a href=\"#setting-up-the-callback-endpoint\" aria-label=\"setting up the callback endpoint permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Setting Up the Callback Endpoint</h3>\n<ul>\n<li>A callback endpoint is defined in the application, typically as <code>/api/callback</code>. This endpoint handles the callback from the OIDC provider after the user has been authenticated.</li>\n<li>When the user authenticates successfully, the OIDC provider redirects the user back to the application with an authorization code included in the query parameters.</li>\n<li>The application then exchanges this authorization code for an access token by calling the exchange method on the OAuth2 configuration object. 
This exchange process is handled securely by the OAuth2 library, ensuring that the application receives a valid access token.</li>\n</ul>\n<h3 id=\"verifying-the-access-token-and-extracting-user-claims\" style=\"position:relative;\"><a href=\"#verifying-the-access-token-and-extracting-user-claims\" aria-label=\"verifying the access token and extracting user claims permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Verifying the Access Token and Extracting User Claims</h3>\n<ul>\n<li>Once the access token is obtained, the application extracts the ID token from it. The ID token contains claims about the authenticated user, such as their name, email, and roles.</li>\n<li>The ID token is then verified using the OIDC provider's verifier. This step ensures that the token is valid and has not been tampered with. Verification involves checking the token's signature and possibly other claims to ensure it matches the expected values.</li>\n<li>After verification, the application extracts the claims from the ID token. These claims can be used to identify the user within the application, personalize the user experience, or enforce access control based on the user's roles or permissions.</li>\n</ul>\n<p>This process leverages the security and standardization provided by OIDC and OAuth2 to implement a secure authentication flow. 
By following these steps, the application can authenticate users through the LoginRadius OIDC provider, ensuring that user credentials are managed securely and that the application can trust authenticated users' identities.</p>\n<h2 id=\"conclusion\" style=\"position:relative;\"><a href=\"#conclusion\" aria-label=\"conclusion permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Conclusion</h2>\n<p>In this tutorial, you have learned how to implement OIDC SSO with LoginRadius as the Identity Provider. You have also built a simple Golang backend with Gin to understand the implementation.</p>\n<style class=\"grvsc-styles\">\n  .grvsc-container {\n    overflow: auto;\n    -webkit-overflow-scrolling: touch;\n    padding-top: 1rem;\n    padding-top: var(--grvsc-padding-top, var(--grvsc-padding-v, 1rem));\n    padding-bottom: 1rem;\n    padding-bottom: var(--grvsc-padding-bottom, var(--grvsc-padding-v, 1rem));\n    border-radius: 8px;\n    border-radius: var(--grvsc-border-radius, 8px);\n    font-feature-settings: normal;\n  }\n  \n  .grvsc-code {\n    display: inline-block;\n    min-width: 100%;\n  }\n  \n  .grvsc-line {\n    display: inline-block;\n    box-sizing: border-box;\n    width: 100%;\n    padding-left: 1.5rem;\n    padding-left: var(--grvsc-padding-left, var(--grvsc-padding-h, 1.5rem));\n    padding-right: 1.5rem;\n    padding-right: var(--grvsc-padding-right, var(--grvsc-padding-h, 1.5rem));\n  }\n  \n  .grvsc-line-highlighted {\n    background-color: 
var(--grvsc-line-highlighted-background-color, transparent);\n    box-shadow: inset var(--grvsc-line-highlighted-border-width, 4px) 0 0 0 var(--grvsc-line-highlighted-border-color, transparent);\n  }\n  \n  .dark-default-dark {\n    background-color: #1E1E1E;\n    color: #D4D4D4;\n  }\n  .dark-default-dark .mtk12 { color: #9CDCFE; }\n  .dark-default-dark .mtk1 { color: #D4D4D4; }\n  .dark-default-dark .mtk11 { color: #DCDCAA; }\n  .dark-default-dark .mtk8 { color: #CE9178; }\n  .dark-default-dark .mtk4 { color: #569CD6; }\n  .dark-default-dark .mtk3 { color: #6A9955; }\n  .dark-default-dark .mtk15 { color: #C586C0; }\n  .dark-default-dark .mtk10 { color: #4EC9B0; }\n</style>","frontmatter":{"title":"How to Implement OpenID Connect (OIDC) SSO with LoginRadius?","author":{"id":"Sanjay Velu","github":"SanjayV0","avatar":null},"date":"May 30, 2024","updated_date":null,"tags":["SSO","OIDC","LoginRadius"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/4509bd963b39d84ce554829099fba02f/ee604/implementing-oidc-sso.png","srcSet":"/static/4509bd963b39d84ce554829099fba02f/69585/implementing-oidc-sso.png 200w,\n/static/4509bd963b39d84ce554829099fba02f/497c6/implementing-oidc-sso.png 400w,\n/static/4509bd963b39d84ce554829099fba02f/ee604/implementing-oidc-sso.png 800w,\n/static/4509bd963b39d84ce554829099fba02f/f3583/implementing-oidc-sso.png 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}}},"fields":{"authorId":"Sanjay Velu","slug":"/engineering/implementing-oidc-sso-loginradius-as-identity-provider/"}}}]},"authorYaml":{"id":"Sanjay Velu","bio":"Sanjay is a dynamic software developer who thrives on solving intricate coding challenges. With a keen eye for detail and a relentless pursuit of excellence, he navigates the ever-evolving landscape of technology with ease. 
His journey is marked by a commitment to lifelong learning and constantly exploring new technologies and methodologies to enhance his skill set.","github":"SanjayV0","stackoverflow":null,"linkedin":"sanjay-velu-377617155","medium":null,"twitter":null,"avatar":null}},"pageContext":{"id":"Sanjay Velu","__params":{"id":"sanjay-velu"}}},"staticQueryHashes":["1171199041","1384082988","2100481360","23180105","528864852"]}