.oidc_provider

Instructions and schema for SSO Login by OIDC

To support authenticating users with Single Sign-On (SSO) credentials (instead of CHT-specific usernames/passwords), the CHT can integrate with an external authorization server that supports the OpenID Connect (OIDC) protocol. Configure the OIDC Provider connection settings under the oidc_provider key:

app_settings.json .oidc_provider

| property | type | required | description |
|---|---|---|---|
| client_id | String | yes | The unique key identifying your CHT application in your OIDC Provider. |
| discovery_url | String | yes | The URL to the .well-known OIDC configuration discovery endpoint for your OIDC Provider. Must be HTTPS unless allow_insecure_requests is true. |
| allow_insecure_requests | Boolean | no | Optional configuration (NOT for production use). If true, the discovery_url can use the HTTP protocol (instead of HTTPS). Default is false. |

When using SSO Login, the app_url setting must also be defined. Also, your CHT application’s client secret from the OIDC Provider must be securely configured in your CHT instance with the Credentials API using the key oidc:client-secret.

Only users with the oidc_username property can log in with SSO.

Code sample

The definition takes the typical form below:

"oidc_provider": {
  "client_id": "60f18991-1eae-4825-a579-44190cbbe51d",
  "discovery_url": "https://my.oidc-provider.org/realms/master/.well-known/openid-configuration"
},
"app_url": "https://my.cht.org"
