OpenID Connect

To become familiar with OpenID Connect in Budibase, see:

Configuration

Create the application

Create the budibase application using a new 'App Registration'

Add the application name

Ignore the Redirect URI for now.

Find your configuration details

Configuration URL

Visit 'Overview' > 'Endpoints'.

Use the OpenID Connect metadata document field as your Configuration URL in Budibase.

Client ID

Visit 'Overview'

Use the Application (client) ID field as your Client ID in Budibase.

Client Secret

Visit 'Certificates & secrets', click on 'Add client secret', give your secret a description / expiry and save.

View your newly created secret

Use the Value field as your Client Secret in Budibase.

Add your callback URL

Visit 'Authentication' and enter your callback URL

OpenID Connect

To become familiar with OpenID Connect in Budibase, see:

Configuration

Create the application

Create the budibase application in your Applications list.

Select 'Regular Web Applications'.

Find your configuration details

Visit the 'Settings' tab in your application.

Configuration URL

Use the Domain field to construct your Configuration URL in Budibase. e.g. https://{domain}/.well-known/openid-configuration

Client ID

Use the Client ID field as your Client ID in Budibase.

Client Secret

Use the Client Secret field as your Client ID in Budibase.

Add your callback URL

Scroll down to the 'Application URIs' section and enter your callback URL

OpenID Connect

Use the OpenID Connect protocol to integrate with an identity provider of your choosing.

Follow the guide below to become familiar with the OpenID Connect configuration form in Budibase.

Examples

Guides on how to setup OpenID Connect with some of the most common providers can be seen below:

Google

Budibase also comes with an out of the box integration with Google single sign-on.

OpenID Connect

To become familiar with OpenID Connect in Budibase, see:

Configuration

Create the application

Create the budibase application in your Applications list.

Type 'openid connect' and select 'Openid Connect (OIDC)'

Give your application a name and save

Visit the 'SSO' tab and choose

• 'Application Type' = 'Web'

• 'Authentication Method' = 'POST'

Find your configuration details

Visit the 'SSO' tab in your application.

Client ID

Use the Client ID field as your Client ID in Budibase.

Client Secret

Use the Client Secret field as your Client ID in Budibase.

Configuration URL

Use the Issuer URL field to construct your Configuration URL in Budibase. e.g. https://{Issuer URL}/.well-known/openid-configuration

Add your callback URL

Visit the 'Configuration' tab in your application and enter your callback URL

OpenID Connect

To become familiar with OpenID Connect in Budibase, see:

Configuration

Create the application

Create the budibase application in your Applications list.

Select 'OIDC - OpenID Connect' and 'Web Application'

Enter your application name on the next screen and save.

Find your configuration details

Visit the 'General' tab in your application.

Client ID

Use the Client ID field as your Client ID in Budibase.

Client Secret

Use the Client Secret field as your Client ID in Budibase.

Configuration URL

Visit the 'Sign On' tab in your application.

Use the Issuer field to construct your Configuration URL in Budibase. e.g. https://{Issuer}/.well-known/openid-configuration

Add your callback URL

Visit the 'General' tab in your application, scroll down and edit the 'General Settings' section. Enter your callback URL

OpenID Connect (OIDC) is a simple identity layer built on top of the OAuth 2.0 protocol, which allows clients to verify the identity of an end user based on the authentication performed by an authorization server or identity provider (IdP), as well as to obtain basic profile information about the end user.

Setup

To enable OIDC for your IdP follow the setup steps below.

Configure your IdP

Any provider that supports the OIDC protocal can be integrated into Budibase, you may even implement your own.

Guides on how to setup some of the most common providers can be seen below:

See also:

Callback URL

• During your configuration you will need to enter the Callback URL for your Budibase installation.

• For example: https://{your-budibase-host.com}/api/admin/auth/oidc/callback

Configure OIDC in Budibase

To configure an OIDC integration in Budibase visit the Auth section of the builder.

Fill in the following options from your IdP:

• Config URL

  • For example: https://{your-identity-provider.com}/.well-known/openid-configuration

• Client ID

  • Your unique ID issued by your IdP

• Client Secret

  • Your unique secret issued by your IdP

Save the configuration to enable OIDC on your login page.

Customize your login

Use the login configuration options to customize the OIDC login button.

Fill in either of the following:

• Name

  • The name on the login button. This will be substituted at Sign in with {name}

• Icon

  • The icon on the login button. Choose from:

    • One of the default icons

    • Upload a custom icon

Important information

Some additional details on the OIDC integration are highlighted below.

User provisioning

Unlike the Google integration which requires a local user account to exist in advance, OIDC users are created in Budibase automatically when they log in for the first time. It is important that only the users you wish to access Budibase have been assigned to the application configured in your IdP.

You may still use email onboarding to create an account for a user in advance, provided the email matches the user's email in your IdP.

Budibase currently supports Google OAuth in addition to the built-in authentication solution. To enable it you need to configure it correctly with details from the Google dashboard. You will need your Client ID, secret and Callback URL.

The callback URL you should generally use is the one that authenticates directly with budibase. It is /api/admin/auth/google/callback

To become familiar with OpenID Connect in Budibase, see:

Configuration

Add a Client

Create a new client by visiting the 'Clients' pane from the left hand side of your Keycloak admin console. Then give it an ID and select 'openid-connect' from the dropdown. Alternatively bypass this step if you have a client already created.

Configure the Client

In the Client configuration screen (accessed by clicking on the Client ID within the Clients pane), change the 'Access Type' dropdown to be 'Confidential'.

Next add the Callback URL to the 'Valid Redirect URIs' field ands then click 'Save'

Find your configuration details

Client ID

The Client ID field in Budibase should be the same ID as you gave the Client in Keycloak earlier.

Client Secret

You can find the Client Secret from the Credentials tab in the Client Configuration screen

Configuration URL

Visit the 'Realms' pane from the left hand side of your Keycloak admin console. Then click on the OpenID Endpoint Configuration link and copy the URL that opens.