Description

OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol, which allows computing clients to verify the identity of an end-user based on the authentication performed by an authorization server, as well as to obtain basic profile information about the end-user in an interoperable and REST-like manner. In technical terms, OpenID Connect specifies a RESTful HTTP API, using JSON as a data format.

OpenID Connect allows a range of clients, including Web-based, mobile, and JavaScript clients, to request and receive information about authenticated sessions and end-users. The specification suite is extensible, supporting optional features such as encryption of identity data, discovery of OpenID Providers, and session management.


Configuring translate5 to work with OpenId connect is very simple. Navigate to the clients tab in your translate5 instance; under the OpenId connect field-set are the OpenId configuration fields that need to be set.

translate5 domain: the url of the translate5 instance in use (ex: https://translate5.net/). This is also the url to which the user will be redirected after the OpenId authentication.

OpenId server: OpenId authentication server url (ex: https://accounts.google.com)

OpenId user name: OpenId authentication server username

OpenId password: OpenId authentication server password

OpenId OAuth URL: OpenId authentication server OAuth url (ex: https://accounts.google.com/o/oauth2/auth). Also used to fetch the openid server properties (ex: https://accounts.google.com/o/oauth2/auth/.well-known/openid-configuration)

System Roles: translate5 internal user roles, which will be assigned to the user logged in via openid connect. If the openid is configured to do role-based authentication/authorization, the roles coming from the response will be validated and applied.

Link text on login page: redirect label text on the login page for the openid server. When the checkbox below the label is checked, the user will be directly redirected to the openid server for authentication/authorization.
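
The server properties fetched through the OpenId OAuth URL field can be compared with the other configured values before the client configuration is saved. The following check is an added example, not translate5 code: the dictionary keys, the function names and the sample hosts (idp.example, translate5.example) are assumptions made for illustration, and the discovery documents are constructed.

```python
from urllib.parse import urlsplit

# Metadata that OpenID Connect Discovery 1.0 marks as REQUIRED.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

def is_https(url):
    parts = urlsplit(url)
    return parts.scheme == "https" and bool(parts.netloc)

def check_oidc_settings(settings, discovery):
    """Return a list of problems; an empty list means the values agree."""
    problems = [f"missing required field: {key}"
                for key in REQUIRED if key not in discovery]
    # Compared ignoring a trailing slash (a choice made for this example).
    if discovery.get("issuer", "").rstrip("/") != settings["openid_server"].rstrip("/"):
        problems.append("issuer differs from the configured OpenId server")
    if discovery.get("authorization_endpoint") != settings["oauth_url"]:
        problems.append("authorization_endpoint differs from the configured OAuth URL")
    for name in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if name in discovery and not is_https(discovery[name]):
            problems.append(f"{name} is not an https URL")
    if not is_https(settings["translate5_domain"]):
        problems.append("translate5 domain (redirect target) is not an https URL")
    return problems

# Constructed sample values; the dictionary keys are hypothetical names.
SETTINGS = {"translate5_domain": "https://translate5.example/",
            "openid_server": "https://idp.example",
            "oauth_url": "https://idp.example/oauth2/auth"}
GOOD = {"issuer": "https://idp.example",
        "authorization_endpoint": "https://idp.example/oauth2/auth",
        "token_endpoint": "https://idp.example/oauth2/token",
        "jwks_uri": "https://idp.example/oauth2/certs",
        "response_types_supported": ["code"],
        "subject_types_supported": ["public"],
        "id_token_signing_alg_values_supported": ["RS256"]}
# Same document, but a different issuer and a key set served over plain http.
BAD = dict(GOOD, issuer="https://other.example",
           jwks_uri="http://idp.example/oauth2/certs")

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad", BAD)):
        print(label, check_oidc_settings(SETTINGS, doc) or "OK")
```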