OpenID Connect integration

HCMS Client comes with its own authentication and authorization functionality, but it can also be configured to work with one or more OpenID Connect providers.

Get to know OpenID Connect

If you are not yet familiar with the OpenID standard and its latest implementation, OpenID Connect, we highly recommend that you familiarize yourself with it, as some OpenID-specific terms are used throughout this document.

Unfortunately, the OpenID Foundation does not provide any extensive documentation, partly because certain technical details can vary across providers. Therefore, you will need to refer to the official documentation of your selected provider for this information.

Provider requirements

The OpenID standard is quite flexible, so providers differ in the features they support. To be used with the HCMS Client, your provider must support a few basic ones:

  • client authentication by client secret
  • Authorization Code Flow or Hybrid Flow, with refresh tokens enabled
  • personal information provided as ID token claims
    • in particular, email and/or preferred_username is required
  • logout
    • It is actually optional, but having no logout functionality would severely reduce the overall security of the application.
    • Some providers use a non-standard endpoint for this purpose. In this case, special support must be added in the code (which is already done for AWS Cognito).
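
Most of these requirements can be checked in advance against the provider's discovery document (`/.well-known/openid-configuration`). The following is an added example, not part of HCMS Client: the function name `check_provider` and both metadata samples are constructed for illustration, and a `None` result means the provider does not advertise the feature and its documentation must be consulted.

```python
import json

# Hybrid Flow response types, compared as order-insensitive sets of tokens.
HYBRID = [{"code", "id_token"}, {"code", "token"}, {"code", "id_token", "token"}]

def check_provider(meta):
    """Map each requirement to True, False, or None (not advertised: check provider docs)."""
    # Discovery 1.0: when omitted, the auth methods default to client_secret_basic.
    auth = set(meta.get("token_endpoint_auth_methods_supported", ["client_secret_basic"]))
    types = [set(rt.split()) for rt in meta.get("response_types_supported", [])]
    grants = meta.get("grant_types_supported")   # optional metadata
    claims = meta.get("claims_supported")        # recommended, not required
    return {
        "client_secret": bool(auth & {"client_secret_basic", "client_secret_post"}),
        "code_or_hybrid_flow": {"code"} in types or any(h in types for h in HYBRID),
        "refresh_token": None if grants is None else "refresh_token" in grants,
        "email_or_username": None if claims is None
            else bool({"email", "preferred_username"} & set(claims)),
        # RP-Initiated Logout 1.0 advertises the standard logout URL in this field.
        "standard_logout": "end_session_endpoint" in meta,
    }

# Constructed sample metadata (not taken from any real provider).
FULL = json.loads("""{
  "issuer": "https://idp.example.com",
  "response_types_supported": ["code", "id_token code"],
  "grant_types_supported": ["authorization_code", "refresh_token"],
  "token_endpoint_auth_methods_supported": ["client_secret_post", "private_key_jwt"],
  "claims_supported": ["sub", "email", "preferred_username"],
  "end_session_endpoint": "https://idp.example.com/logout"
}""")
# Constructed: sparse metadata with no logout endpoint and no optional fields.
SPARSE = {"issuer": "https://idp2.example.com",
          "response_types_supported": ["code", "token"]}

if __name__ == "__main__":
    for name, meta in (("full", FULL), ("sparse", SPARSE)):
        print(name, check_provider(meta))
```

A `False` for `standard_logout` corresponds to the non-standard logout case described in the last list item.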