Custom OIDC compatible Auth

Learn how to set up your custom OIDC-compatible auth

OIDC authentication setup is a viable choice when leveraging an external authentication provider such as Auth0, Cognito, etc., that offers JWK publication for token authenticity verification.

An OIDC authentication framework employs a public-private key pair, utilizing the private key to sign authentication tokens. The public key is made accessible via a public URL in JWKS format, typically found at https://{domain}.com/.well-known/jwks.json. When a user logs in, an idToken, a JWT, is produced and signed with the private key, following OIDC specifications for token field requirements. This JWT is then used within the embedded signer to create a user wallet.

The verification of the JWT against the public key confirms its authenticity, allowing wallet generation based on the subject (user identifier) within the idToken.

Input Requirements:

  • JWKS File URL (public key): Validates the token's authentic signature.
  • idToken's aud value: Confirms that the intended recipient of the token is correct.

Authenticating Users with OIDC-Compatible Authentication

Set up your provider

To set up your OIDC Authentication with Openfort, visit your dashboard provider settings.

Prepare your s

Client-side Integration

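import Openfort, { TokenType } from "@openfort/openfort-js";

const openfort = new Openfort(process.env.NEXT_PUBLIC_OPENFORT_PUBLIC_KEY!);

// idToken is the JWT issued by your OIDC provider when the user logs in.
async function loginWithOIDC(idToken: string) {
  // Openfort verifies the token against the configured JWKS URL and aud value.
  const token = await openfort.authenticateWithThirdPartyProvider("oidc", idToken, TokenType.IdToken);
  return token;
}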

Upon successful authentication, the SDK will return:

response.json

{
  "id": "pla_cc9ed2b7-c5f5-4c43-8dca-c4b104ba1762",
  "object": "player",
  "createdAt": 1710976453,
  "linkedAccounts": [
    {
      "provider": "oidc",
      "disabled": false,
      "externalUserId": "2"
    }
  ]
}