Line 79:
Line 79:
−
The you must set parameters and options of your openid connect service. From v21, you can enable the module OpenIDConnect to edit them. From v18 to v20, you must edit them from menu Home - Setup - Other.
+
==== Dolibarr application setup ====
+
+
Then you must set parameters and options of your openid connect service. From v21, you can enable the module OpenIDConnect to edit them. From v18 to v20, you must edit them from menu '''Home - Setup - Other'''.
−
==== Dolibarr application setup ====
−
The final configuration step is to create the following values in '''Home > Setup > Other Setup'''.
{| class="wikitable"
{| class="wikitable"
!Name
!Name
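Review bot: With the sentence "The final configuration step is to create the following values in '''Home > Setup > Other Setup'''" removed, the table that follows no longer has a lead-in saying that the listed names are the constants to create. The replacement paragraph also writes the menu as '''Home - Setup - Other''', where the removed line had '''Home > Setup > Other Setup'''. Suggest keeping one sentence directly above the table that introduces it, and using a single spelling of the menu path across the page.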
Line 88:
Line 88:
!Comment
!Comment
!Description
!Description
−
|-
−
|<code>MAIN_AUTHENTICATION_OPENID_URL</code>
−
|See above
−
|OpenID Connect URL
−
|Composed OpenID Connect URL
−
|-
−
|<code>MAIN_LOGOUT_GOTO_URL</code>
−
|See above
−
|Identity Provider logout URL
−
|Composed IdP logout URL
|-
|-
|<code>MAIN_AUTHENTICATION_OIDC_CLIENT_ID</code>
|<code>MAIN_AUTHENTICATION_OIDC_CLIENT_ID</code>
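Review bot: Dropping the <code>MAIN_AUTHENTICATION_OPENID_URL</code> row leaves the table with no entry for a constant that the "Composing" section further down still documents as something you can set manually from Home - Setup - Other. Suggest keeping the row and marking it as generated by default and optional to override, so that a reader setting constants by hand can still find it in the table.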
Line 108:
Line 98:
|OpenID Connect Client Secret
|OpenID Connect Client Secret
|Application client secret
|Application client secret
+
|-
+
|<code>MAIN_AUTHENTICATION_OIDC_AUTHORIZE_URL</code>
+
|<code><nowiki>https://tenant.us.auth0.com/oauth/authorize</nowiki></code>
+
|OpenID Authorize URL
+
|<code>/authorize</code> endpoint
|-
|-
|<code>MAIN_AUTHENTICATION_OIDC_TOKEN_URL</code>
|<code>MAIN_AUTHENTICATION_OIDC_TOKEN_URL</code>
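Review bot: The example value in the new <code>MAIN_AUTHENTICATION_OIDC_AUTHORIZE_URL</code> row, <code><nowiki>https://tenant.us.auth0.com/oauth/authorize</nowiki></code>, does not match the row's own description (<code>/authorize</code> endpoint) or the final URL example at the end of the page, which uses <code><nowiki>https://tenant.us.auth0.com/authorize</nowiki></code>. Suggest making the three agree. A reader who copies the table value will otherwise build a different authorize URL from the one the page shows as the expected result.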
Line 128:
Line 123:
|OpenID Connect login claim
|OpenID Connect login claim
|OpenID Connect claim matching the Dolibarr user login. If not set or empty, defaults to <code>email</code>
|OpenID Connect claim matching the Dolibarr user login. If not set or empty, defaults to <code>email</code>
+
|-
+
|<code>MAIN_LOGOUT_GOTO_URL</code>
+
|See later
+
|Identity Provider logout URL
+
|Composed IdP logout URL
|}
|}
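Review bot: The re-added <code>MAIN_LOGOUT_GOTO_URL</code> row replaces "See above" with "See later", which gives the reader no target. Suggest naming or linking the section that explains how the logout URL is composed, or putting an example value in the cell as the new <code>MAIN_AUTHENTICATION_OIDC_AUTHORIZE_URL</code> row does.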
Line 134:
Line 134:
====Composing <code>MAIN_AUTHENTICATION_OPENID_URL</code>====
====Composing <code>MAIN_AUTHENTICATION_OPENID_URL</code>====
+
+
The MAIN_AUTHENTICATION_OPENID_URL will be generated (but if you prefer, you can set it manually from Home - Setup - Other) to
+
+
<pre>
+
MAIN_AUTHENTICATION_OIDC_AUTHORIZE_URL?client_id=MAIN_AUTHENTICATION_OIDC_CLIENT_ID&redirect_uri=mydolibarr/core/modules/openid_connect/callback.php&scope=MAIN_AUTHENTICATION_OIDC_SCOPES&response_type=code
+
</pre>
This is the main OpenID Connect authentication URL, which allows the user to log in and then be redirected back to Dolibarr. It makes use of some already existing OpenID 2.0 features.
This is the main OpenID Connect authentication URL, which allows the user to log in and then be redirected back to Dolibarr. It makes use of some already existing OpenID 2.0 features.
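Review bot: The generated-URL template in the new <code>&lt;pre&gt;</code> block disagrees with the rest of the page in two places. Its <code>redirect_uri</code> is <code>mydolibarr/core/modules/openid_connect/callback.php</code>, with no scheme and no URL encoding, while the final example further down still uses <code>https%3A%2F%2Fdolibarr.domain.com%2F%3Fopenid_mode%3Dtrue</code>. It also has no <code>state</code> parameter, although the same change adds <code>state</code> to the parameter table and to the final example. Suggest stating which callback path applies to which version, showing the <code>redirect_uri</code> as an absolute, encoded URL, and saying whether the generated URL carries <code>state</code>.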
Line 161:
Line 167:
|OAuth flow name, here we use <code>code</code> for the Authorization Code flow
|OAuth flow name, here we use <code>code</code> for the Authorization Code flow
|<code>code</code>
|<code>code</code>
+
|-
+
|state
+
|A number
+
|1234568
|}
|}
<br />
<br />
−
# The final MAIN_AUTHENTICATION_OPENID_URL content should be like: <code><nowiki>https://tenant.us.auth0.com/authorize?client_id=My-Super-Awesome-Client-ID-1234&redirect_uri=https%3A%2F%2Fdolibarr.domain.com%2F%3Fopenid_mode%3Dtrue&scope=openid</nowiki> profile email&response_type=code</code>
+
The final MAIN_AUTHENTICATION_OPENID_URL content should be like: <code><nowiki>https://tenant.us.auth0.com/authorize?client_id=My-Super-Awesome-Client-ID-1234&redirect_uri=https%3A%2F%2Fdolibarr.domain.com%2F%3Fopenid_mode%3Dtrue&scope=openid</nowiki> profile email&response_type=code&state=anumber</code>
<br />
<br />
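Review bot: The new <code>state</code> row describes the parameter as "A number" with the sample value <code>1234568</code>, and the final URL ends in <code>&state=anumber</code>. For a URL stored as a configuration constant, that reads as a fixed value. In the Authorization Code flow, <code>state</code> is the value the client checks on the callback to tie the response to the request it sent, so it needs to be unpredictable and different for each login attempt. Suggest rewording the row to say so, and stating whether Dolibarr generates and verifies <code>state</code> itself or whether the value typed into a manually set <code>MAIN_AUTHENTICATION_OPENID_URL</code> is sent unchanged.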