Identity Broker Service

4. OpenID Integration

Before your application can use the miniOrange OpenID Connect authentication system for user login, you must set up an application in the miniOrange administrator console to obtain OpenID Connect credentials, set a redirect URI, and (optionally) add an application name.

Configure Single Sign-On (SSO) Settings for OpenID Integration:

Step 1 : Create app and get credentials

  • To configure and use miniOrange SAML Broker services, create a business free trial account here.
  • Click here to login to miniOrange admin dashboard.
  • Go to Identity Providers from side menu.
  • Click on Add Identity Source.
  • Select OpenID, enter all the required fields and click on SAVE button.

Note that not all credential types use both a client ID and a client secret; a field that a credential type does not use is not listed in this document.

Once you have created the application for OpenID Connect, you need to create a policy for it so that users can authenticate with our various strong authentication methods.

Step 2. Create a policy

  • Go to the miniOrange Administrator Console.
  • Go to Policy > App Authentication Policy, then select the “Add Policy” tab.
  • In the Application name select the OpenID Application that you have created.
  • Enter configuration settings and Save.

Download our miniOrange SampleApp

You can download our miniOrange Sample Application, written in Java/PHP/Python, to see a demonstration of our OpenID Connect flow or to build an OpenID Connect client application of your own.

JAVA
Click here to download miniOrange OpenId Sample Application for JAVA

PHP
Click here to download miniOrange OpenId Sample Application for PHP

Python
Click here to download miniOrange OpenId Sample Application for Python

Create a REST service or similar in your application to handle the response from the Authorization Endpoint (note: its URL must be the redirect URI parameter).

Example (https://<your-domain>/rest/openidresponse)

Response attributes: code, state.

Now you just need to make two calls: one to get an access token and another to get user info with the help of that access_token.


//Click here to download the JAVA library
//Java - Import our miniOrange API (copy all the JAR files into a lib folder and add them to the build path)
import com.miniorange.openid.client.AuthorizationServerRequest;

//Get the parameters from the request (request is the HttpServletRequest for the redirect URI)
String code = request.getParameter("code");
String state = request.getParameter("state");
//Compare state with the value stored in the session before the redirect and reject the response if it differs.
String clientSecret = "enter-your-client-secret-noted-from-miniOrange-admin-console";
String hostName = "enter-the-miniOrange-host-name-without-http-or-subdomain Example: login.xecurify.com";

//Step 1 : Initialize the Object with hostName, code and clientSecret.

AuthorizationServerRequest clientObj = new AuthorizationServerRequest(hostName, code, clientSecret);

//Step 2: Make a token request using a code and state parameter received on the redirect URI.

String token = clientObj.sendTokenRequest();

/**
String token is a JSON. Example string token JSON :
{"scope":"openid","expires_in":3600,"token_type":"bearer",
"id_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjEifQ.eyJhdXRoX3RpbWUiOiJUaHUgQXBy
IDE2IDEzOjA2OjE4IElTVCAyMDE1IiwiZXhwIjoxNDMwMTY5Nzc4LCJzdWIiOiJkZW1vQG1pbmlvcmFuZ2UuY28uaW4iLCJub25jZSI6IkJ1U1
MxSjktZllmaDgwYmVDOVdwM2Vwc1BCdHRpLVdmS09xdGlmWnMxa0UiLCJhdF9oYXNoIjoiMmY2ZnlqWGRRUmdWVTl3IiwiYXVkIjpbIkFuemp4
NFNmM2FWZTZnZyJdLCJpc3MiOiJodHRwOlwvXC9sb2NhbGhvc3QiLCJpYXQiOjE0MjkxNjk3Nzh9.P6VXffhTX9B62tjupP8tWdv9eYpXCBnDt
ramHDDF2pYujcgNPntX1OrEieD1Uvswdk2qagOfm0HbfG3OtGa6xZ8Ixpqg7RDUusPRHFptcgSw9YlZtyv1CyIIh_eQ4yrfo2oHfwW-5aDIUO5
tNmjoWrEK4NzR1fWYXRmL5eyu51o",
"access_token":"2f6fyjXdQRgVU9w"}
**/

//Step 3 : OPTIONAL. Validate id_token on your side.
//< Your java code for validating id_token from the JWK set >

//Step 4: Make a user_info request. Fetch access_token from the JSON string token received in Step 2.
//(JSON parsing is assumed to use a library such as org.json on the build path.)
String access_token = new org.json.JSONObject(token).getString("access_token");
String user_info = clientObj.sendUserInfoRequest(access_token);

/**
Example user info JSON :
{"sub":"demo@miniorange.co.in","primaryPhone":"+917XXXXXXX",
"email":"demo@miniorange.co.in","name":"Demo User","family_name":"User",
"preferred_username":"demo@miniorange.co.in","given_name":"Demo"}
**/

return user_info; //Proceed with your login flow using the user_info claims.


<?php
//Click here to download the PHP library

//PHP - Step 1. Import the PHP Library
require('AuthorizeOpenIDRequest.php');
$code = $_GET['code']; //Code response parameter
$state = $_GET['state']; //Match the state received against the value stored in the session before proceeding
$host = 'login.xecurify.com'; // Server host name without http or sub-domain name or port.
$clientSecret = 'abcdefghijklm'; //Client Secret noted from the 'Configure App' page in the miniOrange administrator console.

//Step 2. Initialize Object
$obj = new AuthorizeOpenIDRequest();
$obj->authCode = $code;
$obj->state = $state;
$obj->hostName = $host;
$obj->clientSecret = $clientSecret;

//Step 3. Make request to token Endpoint to gain Access token.
$token = $obj->sendTokenRequest();
/**
{"scope":"openid","expires_in":3600,"token_type":"bearer",
"id_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjEifQ.eyJhdXRoX3RpbWUiOiJUaHUgQXBy
IDE2IDEzOjA2OjE4IElTVCAyMDE1IiwiZXhwIjoxNDMwMTY5Nzc4LCJzdWIiOiJkZW1vQG1pbmlvcmFuZ2UuY28uaW4iLCJub25jZSI6IkJ1U1
MxSjktZllmaDgwYmVDOVdwM2Vwc1BCdHRpLVdmS09xdGlmWnMxa0UiLCJhdF9oYXNoIjoiMmY2ZnlqWGRRUmdWVTl3IiwiYXVkIjpbIkFuemp4
NFNmM2FWZTZnZyJdLCJpc3MiOiJodHRwOlwvXC9sb2NhbGhvc3QiLCJpYXQiOjE0MjkxNjk3Nzh9.P6VXffhTX9B62tjupP8tWdv9eYpXCBnDt
ramHDDF2pYujcgNPntX1OrEieD1Uvswdk2qagOfm0HbfG3OtGa6xZ8Ixpqg7RDUusPRHFptcgSw9YlZtyv1CyIIh_eQ4yrfo2oHfwW-5aDIUO5
tNmjoWrEK4NzR1fWYXRmL5eyu51o",
"access_token":"2f6fyjXdQRgVU9w"}
**/

//Get the access_token from the JSON token.
$jObj = json_decode($token);
$access_token = $jObj->access_token;

//Step 4. Validate id_token from $jObj->id_token using the JWK Set URI.

//Step 5. Make request to userinfo Endpoint with the help of the access_token received.
$user_info = $obj->sendUserInfoRequest($access_token);

/**
Example user info JSON :
{"sub":"demo@miniorange.co.in","primaryPhone":"+917XXXXXXX",
"email":"demo@miniorange.co.in","name":"Demo User","family_name":"User",
"preferred_username":"demo@miniorange.co.in","given_name":"Demo"}
**/

//Read user_info JSON, contains user information.
$uinfo = json_decode($user_info);


# Click here to download the PYTHON library

# Python - Import the Python library
from AuthorizeOpenIdRequest import AuthorizeOpenIDRequest
import json

# Step 1. Initialize Object with hostName, authCode, clientSecret
# hostName : enter the miniOrange host name without adding HTTP/HTTPS or SUBDOMAIN
# clientSecret : enter the client secret noted while creating the app in the miniOrange Admin Console
# authCode is returned after authentication in miniOrange (request is the Django HttpRequest for the redirect URI)
hostName = "login.xecurify.com"
clientSecret = "iercoierncoiec"
authCode = request.GET.get('code')
state = request.GET.get('state')  # Match against the state stored in the session before proceeding

# Initialize
authReq = AuthorizeOpenIDRequest(hostName, authCode, clientSecret)

# Step 2. Make request to token endpoint
token = authReq.sendTokenRequest()
print('token is ' + token)

"""
Example token JSON :
{"scope":"openid","expires_in":3600,"token_type":"bearer",
"id_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjEifQ.eyJhdXRoX3RpbWUiOiJUaHUgQXBy
IDE2IDEzOjA2OjE4IElTVCAyMDE1IiwiZXhwIjoxNDMwMTY5Nzc4LCJzdWIiOiJkZW1vQG1pbmlvcmFuZ2UuY28uaW4iLCJub25jZSI6IkJ1U1
MxSjktZllmaDgwYmVDOVdwM2Vwc1BCdHRpLVdmS09xdGlmWnMxa0UiLCJhdF9oYXNoIjoiMmY2ZnlqWGRRUmdWVTl3IiwiYXVkIjpbIkFuemp4
NFNmM2FWZTZnZyJdLCJpc3MiOiJodHRwOlwvXC9sb2NhbGhvc3QiLCJpYXQiOjE0MjkxNjk3Nzh9.P6VXffhTX9B62tjupP8tWdv9eYpXCBnDt
ramHDDF2pYujcgNPntX1OrEieD1Uvswdk2qagOfm0HbfG3OtGa6xZ8Ixpqg7RDUusPRHFptcgSw9YlZtyv1CyIIh_eQ4yrfo2oHfwW-5aDIUO5
tNmjoWrEK4NzR1fWYXRmL5eyu51o",
"access_token":"2f6fyjXdQRgVU9w"}
"""

# OPTIONAL. Perform token validation (verify the id_token signature and claims against the JWK set)

# Step 3. Retrieve access_token from token JSON
jsonData = json.loads(token)
accessToken = jsonData['access_token']

# Step 4. Make request to userinfo endpoint
userInfo = authReq.sendUserInfoRequest(accessToken)

"""
Example user info JSON :
{"sub":"demo@miniorange.co.in","primaryPhone":"+117XXXXXXX",
"email":"demo@miniorange.co.in","name":"Demo User","family_name":"User",
"preferred_username":"demo@miniorange.co.in","given_name":"Demo"}
"""

print('Userinfo is : ' + userInfo)
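The optional id_token validation step that all three samples above leave to you, plus the state comparison on the redirect URI, as an added Python example (not miniOrange's library or sample code). It assumes the issuer, client_id, nonce and JWK set are supplied by the caller, and implements signature verification for RS256, the algorithm shown in the sample token header.

```python
import base64, hashlib, hmac, json, time
# Added example, not miniOrange's library: the "validate id_token" step from the samples
# above, checked against a JWK set, plus the state check for the redirect URI handler.
# Issuer, client_id, nonce and the JWK set are assumptions supplied by the caller.
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # ASN.1 DigestInfo prefix

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def state_matches(stored: str, received: str) -> bool:
    """Compare the state saved in the session with the redirect parameter (anti-CSRF)."""
    return bool(stored) and hmac.compare_digest(stored, received or "")

def rs256_verify(jwk: dict, signed: bytes, sig: bytes) -> bool:
    """RSASSA-PKCS1-v1_5 with SHA-256 using the JWK's public modulus n and exponent e."""
    n, e = (int.from_bytes(b64url_decode(jwk[p]), "big") for p in ("n", "e"))
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    t = SHA256_DIGESTINFO + hashlib.sha256(signed).digest()
    return em == b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def validate_id_token(id_token, access_token, jwks, issuer, client_id, nonce, now=None):
    """Return the verified claims, or raise ValueError naming the check that failed."""
    h64, p64, s64 = id_token.split(".")
    header = json.loads(b64url_decode(h64))
    if header.get("alg") != "RS256":                # refuse alg=none or a downgrade to HMAC
        raise ValueError("unexpected alg")
    key = next((k for k in jwks["keys"] if k.get("kid") == header.get("kid")), None)
    if key is None or not rs256_verify(key, f"{h64}.{p64}".encode(), b64url_decode(s64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p64))
    now = int(time.time()) if now is None else now
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if not (claims.get("iat", 0) - 60 <= now < claims.get("exp", 0)):
        raise ValueError("token expired or not yet valid")
    if claims.get("nonce") != nonce:                # replayed or injected id_token
        raise ValueError("nonce mismatch")
    # at_hash = base64url(left 128 bits of SHA-256(access_token)), OIDC Core 3.1.3.6
    if claims.get("at_hash") != b64url_encode(hashlib.sha256(access_token.encode()).digest()[:16]):
        raise ValueError("at_hash mismatch")
    return claims
```

Call `state_matches` before the token request and `validate_id_token` on the token response before the userinfo call; the JWK set is fetched once from the provider's JWKS URI and cached.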