search

Generic OAuth Provider

Since Lowcoder v2.4.0, a generic OAuth Provider has been introduced. The goal is to cover as many OAuth providers as possible without special implementation but give you, as an Admin, the freedom to connect to any OAuth Provider using a flexible configuration.

circle-info

As communicated and voted by the community, we introduced the functionality in v2.4.0 but are still optimizing it, based on your feedback. Latest by Lowcoder v2.5.x this function is stable. (We expect anyhow already before that version a stable function of it.)

OAuth Providers are configured individually per Workspace.

The configuration has three parts:

  • Meta-Data

  • OAuth Provider Configuration

  • Information Mapping

hashtag
Setup a generic OAuth provider

As the Admin of your Workspace, go to Settings > User Authentication. Here, you will find a List of your configured User Authentication Providers.

Overview of configured Aouth Providers for your Workspace

Now, you can use the button in the upper right corner to add a new OAuth Provider. Select "Generic".

hashtag
.well_known URI

The .well-known/openid-configuration URI is specifically part of the OpenID Connect (OIDC) standard. If a provider supports OpenID Connect, this endpoint provides a JSON document with the configuration details for OAuth and OIDC operations. Lowcoder will try to use this configuration data and will fill out the standard OAuth Provider Configuration fields as well as possible in the next screens of the Generic OAuth Provider Configurator.

Enter your Well Known URI to auto-fill the configuration in Step 2

hashtag
Popular Services

Here are some popular services and their OpenID configuration Endpoints

hashtag
Google

hashtag
Facebook

hashtag
Microsoft

hashtag
LinkedIn

hashtag
Apple

hashtag
Amazon Cognito

hashtag
Salesforce

hashtag
Dropbox

hashtag
PayPal

hashtag
Slack

hashtag
Popular IDMs that you can self-host

hashtag
Keycloak

hashtag
Okta

hashtag
Auth0

hashtag
Ory

hashtag
Authentik

hashtag
IBM Security Access Manager (ISAM)

hashtag
OAuth Source Meta-Data

Meta Data describes the Auth Source, allowing you to influence the visual representation of the OAuth Provider in the Sign In / Sign Up screen.

Enter a Displayed Name, Category, Icon and a Description
triangle-exclamation

In Lowcoder v2.4.0 you must set the field "Source" to GENERIC

From Lowcoder v2.4.1, the field "Source" will be hidden and filled out automatically.

hashtag
OAuth Configuration

In Step 2, you can now set up the configuration Data for your OAuth Provider. We introduced this in v2.4.0, and the screen will surely be extended with features in the upcoming versions.

triangle-exclamation

Scopes must be set with a space character between the scopes, not comma-separated.

circle-info

Some providers do only support OAuth - but not (yet?) OpenID. This means that the User Introspection Endpoints /userinfo are not available. For this case you can activate or deactivate this Introspection. (This function comes into effect at Lowcoder v2.4.1)

hashtag
Provider-Side Configuration

At your IDM you would need to prepare an OAuth Client resp. a OAuth Client Application. There are multiple settings.

  • Redirect URL. Here you enter your domain (origin) of your installation like http://localhost:3000 or https://app.lowcoder.cloud and add the path: {origin}/user/auth/oauth/redirect

  • Scopes: You should set the following Scopes if possible. offline_access and profile are important.

    • openid

    • offline_access

    • email

    • profile

  • Supported OAuth2 flows: To handle User-Logins you need to activate the Authorization Code Flow. Also you may need to activate the Refresh Token possibility.

  • Client authentication mechanism: Here, you can set HTTP Body

hashtag
OAuth Data Mapping

We introduce the possibility of mapping Data from OAuth providers to Lowcoder. We just started it in v2.4.0, and in this version, we enabled 4 attributes.

  • UID (The User-ID in the IDM System)

  • Email (The Email Address of the User in the IDM System)

  • Username (The Name of the User)

  • Avatar (The profile picture of the User)

OData Mapping

The second screen shows how the Avatar and Username come into effect after the Mapping.

circle-exclamation

In v2.4.0 we support mapping out of the JWT (access_token) from the IDM. In future versions, we will also support the mapping of Attributes from the OpenID /userInfo endpoint.

circle-info

In future versions of Lowcoder, we will also support Attribute Matching of Token Claims to User Groups and Roles.

PreviousGitHubNextQuery library

Last updated

Was this helpful?