# OpenID Connect

#### Introduction

Trustelem supports authorization code and implicit flows, as well as the [OpenID Connect Discovery 1.1](https://openid.net/specs/openid-connect-discovery-1_0.html) standard.

#### If your application supports the discovery standard

You need to configure the application with the following settings:

* **ClientID**

```exp
trustelem.oidc.gi2dXXXX
```

* **ClientSecret**

```exp
kmzHGEKEKFH51r0xXXXXXXXXXXXXX
```

* **Issuer**

```exp
https://mydomain.trustelem.com/app/150XXX
```

* **Metadata URL** (if required)

```exp
https://mydomain.trustelem.com/app/150XXX/.well-known/openid-configuration
```

#### If your application does not support the discovery standard

Additional parameters are necessary:

* **Authorize endpoint**

```exp
https://mydomain.trustelem.com/app/150XXX/auth
```

* **Token endpoint**

```exp
https://mydomain.trustelem.com/app/150XXX/token
```

* **User Info endpoint**

```exp
https://mydomain.trustelem.com/app/150XXX/userinfo
```

* **JWKS**

```exp
{"keys":[{"kty":"RSA","use":"sig","kid":"150XXX","alg":"RS256","n":"XXX...XXX","e":"AQAB"}]}
```
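How the Issuer and Metadata URL from the discovery section relate to the manual endpoint settings listed here, as an added example (not Trustelem's code). It derives the metadata URL from the issuer, rejects a discovery document whose `issuer` differs from the configured one, and maps the standard discovery fields to this page's setting names. The sample document is constructed from the placeholder values above, and the requirement that endpoints sit under the issuer URL is an assumption taken from those values, not a rule of the standard.

```python
import json
from urllib.parse import urlsplit

# Placeholder value copied from the Issuer setting on this page.
ISSUER = "https://mydomain.trustelem.com/app/150XXX"

# Constructed sample of a discovery document (not fetched from Trustelem);
# only the fields that map to settings listed on this page are included.
SAMPLE_METADATA = json.dumps({
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/auth",
    "token_endpoint": ISSUER + "/token",
    "userinfo_endpoint": ISSUER + "/userinfo",
})

# Standard discovery field -> setting name used on this page.
FIELDS = {
    "authorization_endpoint": "Authorize endpoint",
    "token_endpoint": "Token endpoint",
    "userinfo_endpoint": "User Info endpoint",
}


def metadata_url(issuer: str) -> str:
    """Metadata URL is the issuer followed by the well-known discovery path."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def manual_settings(issuer: str, metadata_json: str) -> dict:
    """Validate a discovery document and return the manual endpoint settings."""
    doc = json.loads(metadata_json)
    # The issuer in the document must be identical to the configured Issuer.
    if doc.get("issuer") != issuer:
        raise ValueError(f"issuer mismatch: {doc.get('issuer')!r}")
    settings = {}
    for field, name in FIELDS.items():
        url = doc.get(field)
        if not isinstance(url, str):
            raise ValueError(f"missing {field}")
        # Assumption of this example: endpoints are HTTPS and under the issuer.
        if urlsplit(url).scheme != "https" or not url.startswith(issuer + "/"):
            raise ValueError(f"unexpected {field}: {url!r}")
        settings[name] = url
    return settings


if __name__ == "__main__":
    print(metadata_url(ISSUER))
    for name, url in manual_settings(ISSUER, SAMPLE_METADATA).items():
        print(f"{name}: {url}")
```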

#### Note

* **RedirectURI:** this URL has to be the same as the one defined in the application.

    *For example, the URL could be:* ***`https://myapplication.tld/redirect_uri`***

* **Login URL:** the application's URL that starts the OpenID Connect flow. It is used as the target for the application on the Trustelem user's dashboard.

    *For example, the URL could be:* ***`https://myapplication.tld/sso-login`***

* To log users out from inside the application, you have to associate a logout URL with an HTML element such as a button or a link.

    This URL is the redirect_uri with a ***logout=*** parameter whose value is the post-logout URL in URL-encoded format.

    *For example, the logout URL could be:* ***`https://myapplication.tld/redirect_uri?logout=https%3A%2F%2Fmyapplication.tld`***

* **PostLogoutRedirectURI:** the URL that indicates where to go after a logout. It is usually defined in the logout HTML element of your application.

    *With the previous logout example, the PostLogout URL would be:* ***`https://myapplication.tld`***