\\
The plugin supports __OpenID Connect__ ([https://en.wikipedia.org/wiki/OpenID]), an authentication protocol built on the OAuth 2.0 ([https://en.wikipedia.org/wiki/OAuth]) authorization framework. It facilitates user identity verification and enables single sign-on (SSO) capabilities, streamlining the authentication process for users.\\
\\
__Constraints__: The plugin works only over the __HTTP__ or __HTTPS__ protocol. Only the __Authorization Code Flow__ is supported (Implicit Flow and Hybrid Flow are not supported). It requires an __Enterprise License__.\\
\\
!!!1. IDP general configuration\\
\\
!!!2. Plugin Configuration\\
\\
!1.1 Identity Provider related settings\\
\\
[attachments|CrushOIDC/oidc_idp_related_plugin_settings.png]\\
\\
__1.__ OpenID Configuration URL: \\
\\
__Dynamic endpoint__:\\
\\
This HTTP URL is part of the OpenID Connect (OIDC) Discovery mechanism. It follows a standard called __RFC 5785__ ([https://datatracker.ietf.org/doc/html/rfc5785]), which defines the use of __.well-known__ URIs for discovering metadata about services. The plugin queries this HTTP endpoint to configure itself dynamically, avoiding hard-coded values. The JSON document returned by the endpoint includes important endpoints and details such as:\\
•	Authorization endpoint\\
•	Token endpoint\\
•	User info endpoint\\
•	Supported scopes and claims\\
•	Public keys for verifying tokens\\
\\
List of __.well-known__ URLs for various identity providers and services that support OpenID Connect (OIDC):\\
{{{
Google:              https://accounts.google.com/.well-known/openid-configuration
Microsoft Azure AD:  https://login.microsoftonline.com/{tenant_id}/v2.0/.well-known/openid-configuration
Microsoft Azure B2C: https://{tenant_name}.b2clogin.com/{tenant_name}.onmicrosoft.com/{policy}/v2.0/.well-known/openid-configuration
Amazon (Cognito):    https://cognito-idp.{region}.amazonaws.com/{userPoolId}/.well-known/openid-configuration
Okta:                https://{yourOktaDomain}/.well-known/openid-configuration
Auth0:               https://{yourDomain}.auth0.com/.well-known/openid-configuration
Dropbox:             https://www.dropbox.com/.well-known/openid-configuration
}}}\\
\\
__Local endpoint__:\\
\\
You can reference a local JSON file if the identity provider (IdP) does not support OpenID Connect but does support OAuth 2.0 (e.g., Box cloud storage). Instead of specifying an HTTP URL, provide the path to a local file, such as:\\
{{{
./box_open_id_config.json
}}}\\
\\
The JSON file should contain the authorization endpoint. Example for Box cloud storage:
{{{
{
	"authorization_endpoint":"https://account.box.com/api/oauth2/authorize",
	"token_endpoint":"https://api.box.com/oauth2/token"
}
}}}
\\
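The following is an added example, not code from the plugin: a Python check to run over the JSON behind the OpenID Configuration URL setting (a fetched discovery document or a local file) before saving it. The function name, the sample documents and the idp.example.com host are assumptions made for illustration.

```python
# Added example (hypothetical helper names; not CrushFTP plugin code).
from urllib.parse import urlparse

SUFFIX = "/.well-known/openid-configuration"
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint", "jwks_uri")

def check_metadata(doc, source):
    """Return problems in parsed metadata doc; source is the configured URL or file path."""
    problems = []
    remote = source.startswith(("http://", "https://"))
    # A discovery document also has to publish its issuer and signing keys.
    required = ["authorization_endpoint", "token_endpoint"] + (
        ["issuer", "jwks_uri"] if remote else [])
    problems += [f"missing {key}" for key in required if not doc.get(key)]
    # Endpoints carry authorization codes, tokens and keys: require TLS.
    for key in ENDPOINT_KEYS:
        if doc.get(key) and urlparse(doc[key]).scheme != "https":
            problems.append(f"{key} is not https")
    if remote:
        if not source.startswith("https://"):
            problems.append("discovery URL is not https")
        # OIDC Discovery: issuer + SUFFIX must equal the URL that was fetched.
        issuer = doc.get("issuer", "")
        if issuer and issuer.rstrip("/") + SUFFIX != source:
            problems.append("issuer does not match discovery URL")
        # The plugin supports the Authorization Code Flow only.
        if "code" not in doc.get("response_types_supported", []):
            problems.append("authorization code flow not advertised")
    return problems

# Constructed sample documents (idp.example.com is a placeholder IdP).
GOOD_URL = "https://idp.example.com" + SUFFIX
GOOD = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "jwks_uri": "https://idp.example.com/keys",
    "response_types_supported": ["code", "id_token"],
}
BAD = dict(GOOD, issuer="https://other.example.net",
           token_endpoint="http://idp.example.com/token",
           response_types_supported=["id_token token"])
BOX = {  # the local-file example from this page
    "authorization_endpoint": "https://account.box.com/api/oauth2/authorize",
    "token_endpoint": "https://api.box.com/oauth2/token",
}

if __name__ == "__main__":
    for doc, src in ((GOOD, GOOD_URL), (BAD, GOOD_URL), (BOX, "./box_open_id_config.json")):
        print(src, check_metadata(doc, src) or "ok")
```

Each reported problem is something to review with the identity provider's documentation before the URL or file path is saved in the plugin.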