Enable OpenIDC Authentication

OpenResty Edge supports the OpenID Connect (OpenIDC, OIDC) protocol, which enables user authentication by obtaining user information from Identity Providers (IdP).

Workflow

The OpenIDC workflow is as follows:

OpenIDC Workflow Diagram

Configuration Guide

In HTTP Applications > Specific Application > Page Rules > Page Rule Actions, find Enable OpenIDC Authentication:

OpenIDC Configuration Interface

Configuration Parameters

| Parameter | Description |
| --- | --- |
| Authentication Method | Currently supports three methods: client_secret_basic, client_secret_post, and client_secret_jwt |
| Client ID | Client identity, obtained from the Identity Provider (IdP) |
| Client Secret | Client key, obtained from the Identity Provider (IdP) |
| Discovery Endpoint | URL provided by the Identity Provider (IdP) to obtain the OpenID protocol specifications supported by the service |
| Scope | Client permissions; must include openid. A common value is openid email profile |
| Redirect URI | The address to redirect to after successful authentication. Supports relative and absolute addresses and can be left empty (defaults to the original request URL). Typically needs to match the configuration in the Identity Provider (IdP) |
| Enable SSL Verification | Whether OpenResty Edge™ uses encrypted connections with the Identity Provider (IdP) |
| Timeout | Connection timeout between OpenResty Edge™ and the Identity Provider (IdP), in milliseconds |
| Logout Path | Requesting the domain + logout path logs the user out from the Identity Provider (IdP), so subsequent authentication requires logging in again. A common value is /logout |
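The three authentication methods differ in how the client secret reaches the IdP's token endpoint. The following added example (not OpenResty Edge code) builds the authorization-code token request for each method as defined by OpenID Connect Core; the client ID, secret, endpoint, and code are constructed sample values, and the function names are hypothetical.

```python
import base64, hashlib, hmac, json, time, uuid
from urllib.parse import quote_plus, urlencode

JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def client_assertion(client_id, secret, token_endpoint):
    """client_secret_jwt: short-lived HS256 JWT keyed with the client secret."""
    now = int(time.time())
    parts = ({"alg": "HS256", "typ": "JWT"},
             {"iss": client_id, "sub": client_id, "aud": token_endpoint,
              "jti": uuid.uuid4().hex, "iat": now, "exp": now + 60})
    signing_input = ".".join(b64url(json.dumps(p).encode()) for p in parts)
    mac = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256)
    return signing_input + "." + b64url(mac.digest())

def assertion_is_valid(jwt, secret):
    """Signature check the IdP performs with its copy of the secret."""
    signing_input, _, sig = jwt.rpartition(".")
    mac = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256)
    return hmac.compare_digest(b64url(mac.digest()), sig)

def token_request(method, client_id, secret, token_endpoint, code, redirect_uri):
    """Return (headers, body) for the authorization-code exchange."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "authorization_code", "code": code, "redirect_uri": redirect_uri}
    if method == "client_secret_basic":
        # Secret travels in the Authorization header, form-encoded then Base64.
        pair = f"{quote_plus(client_id)}:{quote_plus(secret)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    elif method == "client_secret_post":
        form.update(client_id=client_id, client_secret=secret)
    elif method == "client_secret_jwt":
        # Secret never leaves the client; only a MAC computed with it is sent.
        form.update(client_assertion_type=JWT_BEARER,
                    client_assertion=client_assertion(client_id, secret, token_endpoint))
    else:
        raise ValueError(f"unsupported authentication method: {method}")
    return headers, urlencode(form)

# Constructed sample values, not taken from any real deployment.
SAMPLE = dict(client_id="edge-app", secret="constructed-secret",
              token_endpoint="https://idp.example.com/oauth/token",
              code="constructed-code", redirect_uri="https://app.example.com/redirect_uri")

if __name__ == "__main__":
    for m in ("client_secret_basic", "client_secret_post", "client_secret_jwt"):
        print(m, *token_request(m, **SAMPLE), sep="\n  ")
```

With client_secret_basic and client_secret_post the secret itself is transmitted on every token request, so the confidentiality of that connection matters most for those two methods.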

Practical Application Example

The following example demonstrates how to configure and use OpenIDC authentication with Auth0.

Step 1: Configure in Auth0

Configure authentication information and redirect_uri in the Auth0 dashboard:

Auth0 Credentials Configuration

Auth0 Redirect URI Configuration

Step 2: Configure OpenIDC Authentication in Edge

Enable OpenIDC authentication in Edge and enter the information obtained from Auth0:

Edge OpenIDC Configuration

Step 3: Add Redirect Rule

After enabling the OpenIDC authentication rule, add a rule for the redirect_uri to handle what happens when authentication fails or when the redirect_uri is accessed directly:

Edge Rules Configuration

After these two rules, you can add other normal business rules. In this example, the last rule prints Hello World.

Step 4: Test the Authentication Flow

When accessing /protected-resource, you will be redirected to the Auth0 login interface:

Auth0 Login Interface

After a successful login, you are redirected back to /protected-resource, which now loads successfully:

Authentication Success Page