

<pre>
\\
The plugin supports __OpenID Connect__ ([https://en.wikipedia.org/wiki/OpenID]), an authentication protocol built on the OAuth 2.0 ([https://en.wikipedia.org/wiki/OAuth]) authorization framework. It facilitates user identity verification and enables single sign-on (SSO) capabilities, streamlining the authentication process for users.\\
\\
__Constraints__: It only works through __HTTP__ or __HTTPS__ protocol. __Authorization Code Flow__ is supported (Implicit Flow or Hybrid Flow are not supported). It requires __Enterprise License__.\\
\\
!!!1. IDP general configuration\\
\\
!!!2. Plugin Configuration\\
\\
!1.1 Identity Provider related settings\\
\\
[attachments|CrushOIDC/oidc_idp_related_plugin_settings.png]\\
\\
__1.__ OpenID Configuration URL: \\
\\
__Dynamic endpoint__:\\
\\
This HTTP URL is part of the OpenID Connect (OIDC) Discovery mechanism. It follows a standard called __RFC 5785__ ([https://datatracker.ietf.org/doc/html/rfc5785]), which defines the use of __.well-known__ URIs for discovering metadata about services. It queries this HTTP endpoint to configure itself dynamically, avoiding hard-coded values. This JSON document includes important endpoints and details like:\\
•	Authorization endpoint\\
•	Token endpoint\\
•	User info endpoint\\
•	Supported scopes and claims\\
•	Public keys for verifying tokens\\
\\
List of __.well-known__ URLs for various identity providers and services that support OpenID Connect (OIDC):\\
{{{
Google:              https://accounts.google.com/.well-known/openid-configuration
Microsoft Azure AD:  https://login.microsoftonline.com/{tenant_id}/v2.0/.well-known/openid-configuration
Microsoft Azure B2C: https://{tenant_name}.b2clogin.com/{tenant_name}.onmicrosoft.com/{policy}/v2.0/.well-known/openid-configuration
Amazon (Cognito):    https://cognito-idp.{region}.amazonaws.com/{userPoolId}/.well-known/openid-configuration
Okta:                https://{yourOktaDomain}/.well-known/openid-configuration
Auth0:               https://{yourDomain}.auth0.com/.well-known/openid-configuration
Dropbox:             https://www.dropbox.com/.well-known/openid-configuration
}}}
\\
__Local endpoint__:\\
\\
You can reference a local JSON file. It is useful in case that IDP does not support open id connect but it support Oauth2 (Like Box cloud storage).

</pre>