GridGain Developers Hub

OpenID Connect Authorization

You can set up OpenID authorization for users to log in to Control Center with their OpenID accounts.

Get OpenID Credentials

First, set up OpenID credentials for your chosen OpenID provider. Specify the following parameters in your configuration:

Scopes

Specify openid, profile, and email scopes in OpenID provider configuration.

Redirect URI

Redirect URI is required for your OpenID provider to know where to send responses to user authorization requests. The URI for Control Center uses the http://{host}:{port}/api/v1/oauth2/login/{providerName}, where providerName is the name you specify in the configuration file on the following step.

For example, if you use Google as a provider and run Control Center on localhost:3000, your redirect URI is:

http://localhost:3000/api/v1/oauth2/login/google

If frontend and backend have different hosts or ports, set a control.base-url value equal to frontend URI, for example https://example.com:1234.

Client ID and Secret

OpenID provider generates ID and secret, which should then be specified in the configuration file.

Add OpenID to Configuration

To connect Control Center to your OpenID provider, add OpenID configuration to the Configuration file.

The following configuration sets up a connection to Google’s OAuth 2.0 API:

spring.security.oauth2.client:
    # Define client credentials.
    registration:
        # You can specify any name as long as it is consistent
        # with the name in the provider section and redirect URI.
        google:
            client-id: {your-ID}
            client-secret: {your-secret}
    # Define your OpenID provider endpoints.
    # Most services provide this  information on a .well-known page.
    # For this example we use Google endpoints,
    # taken from the https://accounts.google.com/.well-known/openid-configuration page.
    provider:
        google:
            authorization-uri: https://accounts.google.com/o/oauth2/v2/auth # authorization_endpoint
            token-uri: https://oauth2.googleapis.com/token # token_endpoint
            jwk-set-uri: https://www.googleapis.com/oauth2/v3/certs # jwks_uri

After the configuration is set up, restart Control Center. Users will be able to log in by using their OpenID credentials.