OIDCAuthProviderConfig interface
Stay organized with collections
Save and categorize content based on your preferences.
The [OIDC](https://openid.net/specs/openid-connect-core-1_0-final.html) Auth provider configuration interface. An OIDC provider can be created via BaseAuth.createProviderConfig().
Signature:
export interface OIDCAuthProviderConfig extends BaseAuthProviderConfig
Extends: BaseAuthProviderConfig
Properties
Property |
Type |
Description |
clientId |
string |
This is the required client ID used to confirm the audience of an OIDC provider's [ID token](https://openid.net/specs/openid-connect-core-1_0-final.html#IDToken). |
clientSecret |
string |
The OIDC provider's client secret to enable OIDC code flow. |
issuer |
string |
This is the required provider issuer used to match the provider issuer of the ID token and to determine the corresponding OIDC discovery document, eg. [/.well-known/openid-configuration ](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig). This is needed for the following: - To verify the provided issuer.
- Determine the authentication/authorization endpoint during the OAuth
id_token authentication flow. - To retrieve the public signing keys via
jwks_uri to verify the OIDC provider's ID token's signature. - To determine the claims_supported to construct the user attributes to be returned in the additional user info response.
ID token validation will be performed as defined in the [spec](https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation). |
responseType |
OAuthResponseType |
The OIDC provider's response object for OAuth authorization flow. |
OIDCAuthProviderConfig.clientId
This is the required client ID used to confirm the audience of an OIDC provider's [ID token](https://openid.net/specs/openid-connect-core-1_0-final.html#IDToken).
Signature:
clientId: string;
OIDCAuthProviderConfig.clientSecret
The OIDC provider's client secret to enable OIDC code flow.
Signature:
clientSecret?: string;
OIDCAuthProviderConfig.issuer
This is the required provider issuer used to match the provider issuer of the ID token and to determine the corresponding OIDC discovery document, eg. [/.well-known/openid-configuration
](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig). This is needed for the following:
- To verify the provided issuer.
- Determine the authentication/authorization endpoint during the OAuth
id_token
authentication flow. - To retrieve the public signing keys via
jwks_uri
to verify the OIDC provider's ID token's signature. - To determine the claims_supported to construct the user attributes to be returned in the additional user info response.
ID token validation will be performed as defined in the [spec](https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation).
Signature:
issuer: string;
OIDCAuthProviderConfig.responseType
The OIDC provider's response object for OAuth authorization flow.
Signature:
responseType?: OAuthResponseType;
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2022-07-29 UTC.
[null,null,["Last updated 2022-07-29 UTC."],[],[],null,["# OIDCAuthProviderConfig interface\n\nThe \\[OIDC\\](https://openid.net/specs/openid-connect-core-1_0-final.html) Auth provider configuration interface. An OIDC provider can be created via [BaseAuth.createProviderConfig()](./firebase-admin.auth.baseauth.md#baseauthcreateproviderconfig).\n\n**Signature:** \n\n export interface OIDCAuthProviderConfig extends BaseAuthProviderConfig \n\n**Extends:** [BaseAuthProviderConfig](./firebase-admin.auth.baseauthproviderconfig.md#baseauthproviderconfig_interface)\n\nProperties\n----------\n\n| Property | Type | Description |\n|----------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| [clientId](./firebase-admin.auth.oidcauthproviderconfig.md#oidcauthproviderconfigclientid) | string | This is the required client ID used to confirm the audience of an OIDC provider's \\[ID token\\](https://openid.net/specs/openid-connect-core-1_0-final.html#IDToken). |\n| [clientSecret](./firebase-admin.auth.oidcauthproviderconfig.md#oidcauthproviderconfigclientsecret) | string | The OIDC provider's client secret to enable OIDC code flow. |\n| [issuer](./firebase-admin.auth.oidcauthproviderconfig.md#oidcauthproviderconfigissuer) | string | This is the required provider issuer used to match the provider issuer of the ID token and to determine the corresponding OIDC discovery document, eg. \\[`/.well-known/openid-configuration`\\](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig). This is needed for the following: - To verify the provided issuer. - Determine the authentication/authorization endpoint during the OAuth `id_token` authentication flow. - To retrieve the public signing keys via `jwks_uri` to verify the OIDC provider's ID token's signature. - To determine the claims_supported to construct the user attributes to be returned in the additional user info response. ID token validation will be performed as defined in the \\[spec\\](https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation). |\n| [responseType](./firebase-admin.auth.oidcauthproviderconfig.md#oidcauthproviderconfigresponsetype) | [OAuthResponseType](./firebase-admin.auth.oauthresponsetype.md#oauthresponsetype_interface) | The OIDC provider's response object for OAuth authorization flow. |\n\nOIDCAuthProviderConfig.clientId\n-------------------------------\n\nThis is the required client ID used to confirm the audience of an OIDC provider's \\[ID token\\](https://openid.net/specs/openid-connect-core-1_0-final.html#IDToken).\n\n**Signature:** \n\n clientId: string;\n\nOIDCAuthProviderConfig.clientSecret\n-----------------------------------\n\nThe OIDC provider's client secret to enable OIDC code flow.\n\n**Signature:** \n\n clientSecret?: string;\n\nOIDCAuthProviderConfig.issuer\n-----------------------------\n\nThis is the required provider issuer used to match the provider issuer of the ID token and to determine the corresponding OIDC discovery document, eg. \\[`/.well-known/openid-configuration`\\](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig). This is needed for the following:\n\n- To verify the provided issuer.\n- Determine the authentication/authorization endpoint during the OAuth `id_token` authentication flow.\n- To retrieve the public signing keys via `jwks_uri` to verify the OIDC provider's ID token's signature.\n- To determine the claims_supported to construct the user attributes to be returned in the additional user info response.\n\nID token validation will be performed as defined in the \\[spec\\](https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation).\n\n\u003cbr /\u003e\n\n**Signature:** \n\n issuer: string;\n\nOIDCAuthProviderConfig.responseType\n-----------------------------------\n\nThe OIDC provider's response object for OAuth authorization flow.\n\n**Signature:** \n\n responseType?: OAuthResponseType;"]]