Host > SSO
Setting up Single Sign On with the CHT
.oidc_provider
Instructions and schema for SSO Login by OIDC
To support authenticating users with Single Sign-On (SSO) credentials (instead of CHT-specific usernames/passwords), the CHT can integrate with an external authorization server that supports the OpenID Connect (OIDC) protocol. Configure the OIDC Provider connection settings under the oidc_provider key:
app_settings.json .oidc_provider
| property | type | required | description |
|---|---|---|---|
| client_id | String | yes | The unique key identifying your CHT application in your OIDC Provider. |
| discovery_url | String | yes | The URL to the .well-known OIDC configuration discovery endpoint for your OIDC Provider. Must be HTTPS unless allow_insecure_requests is true. |
| allow_insecure_requests | Boolean | no | Optional configuration (NOT for production use). If true, the discovery_url can use the HTTP protocol (instead of HTTPS). Default is false. |
When using SSO Login, the app_url setting must also be defined. Also, your CHT application’s client secret from the OIDC Provider must be securely configured in your CHT instance with the Credentials API using the key oidc:client-secret.
Only users with the oidc_username property can log in with SSO.
Code sample
The definition takes the typical form below:
"oidc_provider": {
"client_id": "60f18991-1eae-4825-a579-44190cbbe51d",
"discovery_url": "https://my.oidc-provider.org/realms/master/.well-known/openid-configuration"
},
"app_url": "https://my.cht.org"Related Content
Build > Concepts > Access : Single Sign on Oidc Login
Starting up a digital health app
Build > Reference > API : Login by Oidc
RESTful Application Programming Interfaces for integrating with CHT applications
Build > Reference > app_settings.json : App Settingsjson
Settings: The primary location of settings for CHT applications
Build > Reference > app_settings.json > .token_login
Token login: Instructions and schema for Login by SMS
Last updated on
Did this documentation help you ?