tronline

Reputation: 117

GCIP - enable authorization code grant flow using OIDC based external provider

Trying to configure GCIP with Salesforce Identity as the IdP. Tried configuring an OIDC-based integration. Noticed that there is no field for providing the (SFDC) client secret for an OIDC-based configuration. Also, response_type=id_token is being invoked from the GCIP side. We want to use the authorization code flow (response_type=code) to integrate with SFDC. Is it possible?


Upvotes: 0

Views: 342

Answers (1)

bojeil

Reputation: 30858

Code flow for OIDC providers is supported on the GCIP backend. It is just not yet exposed in the Cloud Console or the Admin SDKs.

Notice it is documented here in the REST API.

You will need to set {code: true}

Here is a snippet in Node.js (untested):

// https://cloud.google.com/identity-platform/docs/reference/rest/v2/projects.oauthIdpConfigs/patch
const request = require('request');

// PATCH the OIDC provider config so that both the id_token and code response
// types are enabled. Only the fields named in updateMask are changed on the
// stored config; issuer, clientId etc. are left untouched.
function enableCodeFlow(accessToken, projectId, oidcProviderId) {
  return new Promise((resolve, reject) => {
    request({
      headers: {
        'Authorization': `Bearer ${accessToken}`,
        'Content-Type': 'application/json',
      },
      url: `https://identitytoolkit.googleapis.com/admin/v2/projects` +
          `/${projectId}/oauthIdpConfigs/${oidcProviderId}?updateMask=responseType`,
      method: 'PATCH',
      body: JSON.stringify({
        responseType: {
          idToken: true,
          code: true,
        }
      }),
    }, (error, response, body) => {
      if (!error && response.statusCode === 200) {
        // The API echoes the updated OAuthIdpConfig back.
        resolve(JSON.parse(body));
      } else {
        // On a non-200 status `error` is null, so surface the status and body.
        reject(error || new Error(`HTTP ${response.statusCode}: ${body}`));
      }
    });
  });
}

Upvotes: 2
