Set up an OIDC client
Add a new OIDC client
- In the Signicat Dashboard, go to eID Hub > OIDC clients and select Create/Add client.
- Enter a name for the client.
- In Primary grant type, select which grant type you want to use with this client. We strongly recommend AuthorizationCode. For further information about the different grant types, refer to the OIDC specification and the OAuth 2.0 specification.
- In the Redirect URI field, enter the URL that you want to redirect your end-user to when the authentication process is finished. Note that if you want to use more than one redirect URI, you can still add them after the client has been created.
- In Scope, enter the scopes you want for this client. openid is mandatory. profile and nin are necessary in most cases. You can see the definition of profile and other predefined scopes in the OIDC specification. As for nin, this scope requests access to the end-user's national identification number.
- Click Submit.
Now your client is created. However, there are still some settings you must configure before you can start using it. In most cases, this means that you must obtain a client secret, but not always. The typical exception is a client that you intend to use in a frontend flow, in which case you must always use PKCE. We strongly recommend using PKCE, even when you are using a client secret.
How to create a client secret
Make sure you save your client secret. You will only be able to view your client secret once, right after you create it. Therefore, it is important that you copy it and store it safely so that you can retrieve it later on. If you ever forget it or lose it, you have to create a new one.
- Select the name of the client you want to create a secret for.
- In the menu for the client, click Secrets and then Add secret.
- Enter a name for your client secret and click Create.
- Copy your new client secret and store it safely.
- Click Back to Secrets.
Further OIDC configuration options
Here's an overview of other configuration options you might find useful:
- If you want to enable PKCE, click Security > Require PKCE. We strongly recommend using PKCE.
- If your setup requires encryption, you can upload a public key in Public keys. If the particular ID method you want to use requires encryption, you can find more details about how to upload the required public key in the configuration instructions.
- To configure additional redirect URIs, go to URIs.
- To add or remove scopes from your client, go to Access.
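The following Python is an added example, not Signicat's code. It shows what a client configured with AuthorizationCode and Require PKCE has to do: generate a code verifier, send its S256 challenge with the scopes in the authorization request, check state on the redirect, and return the verifier in the token request. The endpoint, client ID and redirect URI are placeholder assumptions; use the values of your own client.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholder assumptions, not Signicat values: use your own client's settings.
AUTHORIZE_ENDPOINT = "https://idp.example.invalid/connect/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.invalid/callback"  # must be registered on the client

def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the encoding RFC 7636 uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def s256_challenge(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())

def start_login(scopes=("openid", "profile", "nin")):
    """Return (authorization URL, per-login values the client must keep private)."""
    if "openid" not in scopes:
        raise ValueError("the openid scope is mandatory")
    session = {"code_verifier": b64url(secrets.token_bytes(32)),  # 43 chars, 256 bits
               "state": b64url(secrets.token_bytes(16)), "nonce": b64url(secrets.token_bytes(16))}
    params = {
        "response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
        "scope": " ".join(scopes), "state": session["state"], "nonce": session["nonce"],
        "code_challenge": s256_challenge(session["code_verifier"]), "code_challenge_method": "S256",
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params), session

def finish_login(callback_url: str, session: dict) -> dict:
    """Validate the redirect and build the token request body (client secret, if any, is added by the caller)."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    returned_state = query.get("state", [""])[0]
    if not hmac.compare_digest(returned_state.encode(), session["state"].encode()):
        raise ValueError("state mismatch, response discarded")
    if not query.get("code"):
        raise ValueError("no authorization code in response")
    return {
        "grant_type": "authorization_code", "code": query["code"][0],
        "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
        "code_verifier": session["code_verifier"],  # proves this client started the flow
    }
```

The nonce kept in the session is compared with the nonce claim of the ID token once the token response arrives.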
Try it out!
The website https://oauth.tools/ is an excellent resource made by one of our commercial partners, Curity. As part of this partnership, you can now go directly to a Signicat Playground, which is preconfigured for Signicat's Dashboard.
You can enter the Signicat Playground directly at https://oauth.tools/signicat.
The website allows you to graphically explore and play around with any number of OIDC and OAuth2 flows. This intuitive no-code approach is helpful for understanding all of the different flows and options available in our Dashboard.
Using your own specific account and clients
You can test a specific client by navigating to the client overview on the Signicat Dashboard, and selecting the Try out this client on oauth.tools! button. This will preconfigure the Signicat Playground with this client.
It is also possible to add and manage your clients manually from within the Signicat Playground. To do this, you can:
- Open OAuth Tools.
- On the left-hand side, right-click the 'Signicat Playground' (SP) symbol and select Settings from the menu.
- Click the Clients tab at the top.
- Manage your clients as you please.
- Close this settings view. The clients are now updated.