The SimpleIdServer's Identity Provider can act as an OPENID server.
Supported Grant Types
The following Grant Types are supported
Supported authentication methods
The following client authentication methods are supported.
The Client is the application that is attempting to act on behalf of the user or access the user's resources.
There are three templates
|This template assists in creating an application that adheres to the standard security protocols, such as WS-Federation, OPENID or SAML2.
|User Agent Based application (SPA)
|Web application executed on server
|Desktop or mobile application
|A WS-Federation relying party
|A Service Provider (SP)
|Device - An IoT application
|This template assists in creating an application used in the Financial Domain. This application must be highly secure and must adhere to a set of security practices.
|Highly secure Web Application
|External Device Authentication
To manage the clients, navigate to the
You can view the configuration of the client by clicking on its identifier displayed in the first column of the table.
The client view displays six tab elements:
Details: Displays the details of the client. The displayed parameters vary with the nature of the client (machine or website). For instance, if the client is a Single Page Application, the Redirect URLs are displayed; if the client is a Console Application/Machine, they are not.
Client Scopes: Displays the list of Scopes to which the client has access. There are two types of scopes: Identity Scope and API Scope. Identity Scopes grant the client access to specific claims of the authenticated user, such as Email. API Scopes grant the client access to certain API Resources, for example, the Read action on the Clients REST API.
Keys: Some client authentication methods, such as private_key_jwt, require the client to present a credential signed with a key. The Identity Provider stores the public keys or uses the JSON Web Key URL exposed by the client to verify that signature.
Credentials: Select the authentication method.
Roles: One or more user roles can be assigned to a client, for example 'administrator'. The role can also be assigned to a group, and that group can, in turn, be assigned to one or more users. The client's role will be included in the role claims of the authenticated user. When the client receives the token, it can check the permissions.
Advanced: Displays all the available parameters of a client.
The Scope provides a means to restrict the level of access granted to an access token.
There are two types of scopes:
|OpenId / Identity Scope
|OPENID/Identity scopes are used by a client during authentication to authorize access to a user's details, such as name and picture.
|API Scope
|Restrict access to REST API/resources.
To manage the scopes, navigate to the
There are two types of mapping rules:
|Transform a user's claim into an output claim; claims are not static and can take any form
|Transform a user's property into an output claim; properties are static and defined by SimpleIdServer
An API scope represents a permission for one or more API resources, such as
read for the client named
aud claim is populated with the relevant API resources. This claim is used by the API during the authorization process.
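The following added example, which is not part of SimpleIdServer or its documentation, shows how an API could use the aud, scope and role claims described above to authorize a request. It assumes the token's signature, issuer and expiry were already verified by a JWT library; the resource name clients-api, the claim layout, the function names and the sample claims are constructed for illustration.

```python
# Added example: authorization decision on token claims that were already
# verified (signature, issuer, expiry) by a JWT library. Not SimpleIdServer code.

def _values(claim, space_delimited=False):
    """Normalize a claim that may be absent, a single string, or a list."""
    if isinstance(claim, str):
        # "scope" is commonly one space-delimited string; aud/role are single values.
        return set(claim.split()) if space_delimited else {claim}
    if isinstance(claim, (list, tuple)):
        return {v for v in claim if isinstance(v, str)}
    return set()  # missing or unexpected type: empty set, so checks fail closed


def authorize(claims, api_resource, required_scope, required_role=None):
    """Return (allowed, reason) for one request against one API resource."""
    # 1. The token must have been issued for this API (aud claim).
    if api_resource not in _values(claims.get("aud")):
        return False, "aud does not name this API"
    # 2. The token must carry the API scope; exact match, never substring.
    if required_scope not in _values(claims.get("scope"), space_delimited=True):
        return False, "missing scope"
    # 3. Optional role check ('role' as the claim name is an assumption).
    if required_role is not None and required_role not in _values(claims.get("role")):
        return False, "missing role"
    return True, "ok"


# Constructed sample payload of a decoded access token.
SAMPLE_CLAIMS = {
    "sub": "alice",
    "aud": ["clients-api"],
    "scope": "openid read",
    "role": "administrator",
}

if __name__ == "__main__":
    print(authorize(SAMPLE_CLAIMS, "clients-api", "read", "administrator"))
    print(authorize(SAMPLE_CLAIMS, "billing-api", "read"))
    print(authorize(dict(SAMPLE_CLAIMS, scope="readonly"), "clients-api", "read"))
```

The API rejects a token whose aud does not name it even when the scope matches, which keeps a token issued for one resource from being replayed against another.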