Authenticating Users with OpenID Connect (OIDC)
OpenID Connect (OIDC) is an identity verification protocol that allows users to securely sign in to applications using trusted identity providers (IdPs) such as Google, Microsoft, Okta, and Auth0. OIDC is built on top of OAuth 2.0, adding an authentication layer that enables applications to verify user identities while also obtaining authorization tokens.
By enforcing OIDC authentication at the network edge, you can:
- Ensure only authenticated users can access your services.
- Offload authentication to a trusted provider, simplifying backend logic.
- Enhance security by requiring identity verification before forwarding requests.
What are the Benefits of Using OIDC for Authentication?
OIDC provides secure, standardized authentication that integrates seamlessly with modern identity providers. It enables single sign-on (SSO), multi-factor authentication (MFA), and user identity verification.
Key Benefits:
- User Authentication & Identity Verification: Verify who is accessing your service, not just what permissions they have.
- Seamless Single Sign-On (SSO): Allow users to sign in once and access multiple applications.
- Supports Major Identity Providers: Works with Google, Microsoft, Okta, Auth0, and other IdPs.
- Enhances Security: Enforces secure login flows, multi-factor authentication (MFA), and token-based verification.
- Reduces Backend Complexity: Authentication happens before requests reach your application, eliminating the need for custom auth logic.
OIDC Examples
The following examples show how to provide your app with an authentication step.
When you create your own OIDC app, you must specify a 'Callback URL' or 'Redirect URL' to the OIDC provider. When using ngrok's OIDC action, that Callback URL is always:
Check out the OIDC traffic policy action page for more details about how it functions and the parameters it accepts. Consult the list of supported providers for step-by-step integration guides for each.
- AgentEndpoint
- CloudEndpoint
- Ingress
- Gateway API
Ingress resources do not natively support OIDC authentication, but they can be extended using a traffic policy.
1. Create an NgrokTrafficPolicy
2. Use the NgrokTrafficPolicy on an Ingress
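An added example (not taken from the original page or from ngrok's own examples) of the two Ingress steps above: an NgrokTrafficPolicy that runs the openid-connect action on every HTTP request, and an Ingress that attaches it through the k8s.ngrok.com/traffic-policy annotation. The resource names, hostname, backend service, and the choice of Google as issuer are assumptions; the client ID and secret are placeholders.

```yaml
# Added example: names, host, and issuer are assumptions, not values from the page.
apiVersion: ngrok.k8s.ngrok.com/v1alpha1
kind: NgrokTrafficPolicy
metadata:
  name: oidc-policy            # hypothetical name
  namespace: default
spec:
  policy:
    on_http_request:
      - actions:
          # Unauthenticated requests are sent to the IdP before anything is forwarded.
          - type: openid-connect
            config:
              issuer_url: https://accounts.google.com   # assumed provider
              client_id: "<your-oidc-client-id>"         # placeholder
              # Placeholder. The secret is stored in this resource as written,
              # so limit who can read NgrokTrafficPolicy objects in the namespace.
              client_secret: "<your-oidc-client-secret>"
              scopes:
                - openid
                - profile
                - email
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress        # hypothetical name
  namespace: default           # same namespace as the policy
  annotations:
    # Attach the policy above by name.
    k8s.ngrok.com/traffic-policy: oidc-policy
spec:
  ingressClassName: ngrok
  rules:
    - host: app.example.com    # hypothetical hostname
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: example-service   # hypothetical backend
                port:
                  number: 80
```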
Gateway API resources do not natively support OIDC authentication, but they can be extended using a traffic policy.
1. Create an NgrokTrafficPolicy
2. Use the NgrokTrafficPolicy on a Gateway
The following example showcases supplying the NgrokTrafficPolicy on a Gateway resource. All requests to the Gateway will run the traffic policy.
If you prefer, NgrokTrafficPolicy can also be used on the route level by using an externalRef filter on an HTTPRoute. See the using Gateway API guide for examples.