The OIDC (OAuth) authentication method is designed to configure the standard OAuth 2.0 flow, which requires the use of client or user secrets.
Currently only the Customer Credentials and Resource Owner Password grant types of the OIDC are supported.
This topic describes only how to fill in fields specific for OIDC connect (OAuth) (the Setup tab). For general steps, see Creating Authentication).
Before following the instructions below, ensure that your application and authenticated resources are accessible to the Bright engine, either directly from the Internet or via the Repeater.
From the Authentication type drop-down list, select OpenID Connect (OAuth), and then proceed to the authentication details.
In this section, set up a valid authentication request to be sent to the end-point API by completing the provided fields.
|Discovery document URL||Provide a discovery document URL (https://your_host/.well-known/openid-configuration) to populate endpoint URLs automatically or leave this field empty to enter endpoint URLs manually.|
From the drop-down list, select the grant type you need:
|Token Endpoint||Obtain an access and/or ID token by presenting an authorization grant or refresh token.|
|Client ID||Enter your application client ID, unique client identifier preregistered in OpenID Provider.|
|Client Secret||Enter your application client secret, used to authenticate to the Token Endpoint.|
|Enter the resource owner username.|
|Enter the resource owner password.|
|Scope||(Optional) Enter a space-separated list of scopes.|
|Audience||(Optional) Enter the intended recipient of the token.|
Select where to embed the token in the request.
In this section, select the options you want to use during the application scanning to determine that the authenticated resource has been reached. The options define how the application responds in case a full authentication flow passes successfully.
|Detect using Response STATUS||Enter the HTTP response status that will tell you about the authentication success.|
|Detect using Response HEADER pattern||
Enter the header name and Regex pattern that will help you identify the authentication success.For example, you can use a simple Regex pattern, such as
|Detect using Response BODY pattern||
Enter the body pattern that will help you identify the authentication success. For example, this Regex pattern detects a body looking for a UUID in a
Bright allows testing a scan before saving it. For details, see the Testing Authentication.
Updated 11 days ago