Getting started with OpenID connect#
The customer portal allows Feide administrators to register and manage applications.
Authentication#
Authentication in Feide can be done using OpenID Connect or SAML. OpenID Connect (OIDC) is the standard for identity verification on top of OAuth 2.0 token based authorization, and is widely used on the web. With OIDC, the application gets verified information about the user’s identity as well as an access token which it can use to access a set of APIs.
Setting up your application#
On the customer portal you will get details and credentials to set up your application as an OpenID Connect (OIDC) relying party.
If your client already supports OIDC or OAuth 2.0, remaining work may just be some simple configuration.
Otherwise, here is more information about how to use OIDC with Feide:
In the customer portal you can configure which login providers under configuration tab or under host organization you will enable for the end users. Your configuration here will be reflected in the available login options for the end users during login. See the login flow
Using the Groups API#
Note
If you are unable to find the information you are looking for at OIDC userinfo or in
the id_token, it will often turn out that it is available through the groups API.
This API depends on OpenID Connect, but isn’t part of it. Hence, it is not covered by OIDC libraries, or by OIDC documentation and examples available on the net.
A user’s relationship to schools, workplaces, classes, subjects and more are
expressed as group memberships. When your application is given a valid access token with
one or more of the attribute groups groups-org, groups-edu or groups-other, you
will be able to access the groups API to get information about the current group
affiliations of the current user.
Using Third-Party Data Sources#
One of Feide’s key features is the ability to access data sources from third parties. The platform supports publishing, discovering, and managing access to these data sources.