
OIDC / OAuth third-party applications

Logto is an identity service built on the OpenID Connect (OIDC) protocol, providing both authentication and authorization capabilities. This makes integrating an OIDC third-party app as straightforward as integrating a traditional web application.

Because OIDC builds on OAuth 2.0 by adding an authentication layer, you can also integrate third-party apps using the OAuth protocol.

Set up the OIDC configurations

Note: Before setting up the OIDC configurations, please ensure you've created an OIDC third-party application.

  1. Provide the redirect URI of your OIDC third-party application. This is the URL in the third-party application to which users are redirected after they are authenticated by Logto. You can usually find this information in the third-party application's IdP connection settings page.

  2. Retrieve the client ID and client secret from the Logto application details page and enter them into your service provider's IdP connection settings page.

  3. Retrieve the authorization endpoint and token endpoint from the Logto application details page and provide them to your service provider. If your service provider supports OIDC discovery, you can simply copy the discovery endpoint from the Logto application details page and provide it to your service provider. The service provider will then retrieve all the up-to-date OIDC authentication information from the discovery endpoint automatically. Otherwise, click the Show endpoint details button to view all the OIDC authentication endpoints.
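
What a service provider should check before trusting the metadata it retrieves from the discovery endpoint in step 3, as an added example (not Logto's or any service provider's own code). The tenant host `tenant.example`, the endpoint paths and the names `parse_discovery` and `DiscoveryError` are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN_SUFFIX = "/.well-known/openid-configuration"
REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


class DiscoveryError(ValueError):
    """Raised when a discovery document should not be trusted."""


def parse_discovery(discovery_url: str, raw_json: str) -> dict:
    """Validate a discovery document fetched from discovery_url and return
    the endpoints needed for the authorization code flow."""
    if not discovery_url.endswith(WELL_KNOWN_SUFFIX):
        raise DiscoveryError("not an OIDC discovery URL")
    expected_issuer = discovery_url[: -len(WELL_KNOWN_SUFFIX)]
    doc = json.loads(raw_json)
    if not isinstance(doc, dict):
        raise DiscoveryError("discovery document is not a JSON object")

    # OIDC Discovery requires the issuer to match the URL the document was
    # fetched from exactly; a mismatch means it describes a different IdP.
    if doc.get("issuer") != expected_issuer:
        raise DiscoveryError("issuer does not match discovery URL")

    endpoints = {}
    for name in REQUIRED_ENDPOINTS:
        value = doc.get(name)
        parts = urlsplit(value) if isinstance(value, str) else None
        if parts is None or parts.scheme != "https" or not parts.netloc:
            raise DiscoveryError(f"{name} missing or not https")
        endpoints[name] = value

    if "code" not in doc.get("response_types_supported", []):
        raise DiscoveryError("authorization code flow not advertised")
    return {"issuer": expected_issuer, **endpoints}


# Constructed sample: hypothetical tenant, not a real Logto endpoint.
SAMPLE_URL = "https://tenant.example/oidc/.well-known/openid-configuration"
SAMPLE_DOC = json.dumps({
    "issuer": "https://tenant.example/oidc",
    "authorization_endpoint": "https://tenant.example/oidc/auth",
    "token_endpoint": "https://tenant.example/oidc/token",
    "jwks_uri": "https://tenant.example/oidc/jwks",
    "response_types_supported": ["code"],
})

if __name__ == "__main__":
    print(parse_discovery(SAMPLE_URL, SAMPLE_DOC))
```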

For security reasons, users of all OIDC third-party applications are redirected to a consent screen for user authorization after they are authenticated by Logto.

All the user profile permissions, API resource scopes, organization permissions, and organization membership information requested by the third party will be displayed on the consent screen.

These requested permissions will be granted to the third-party applications only after the user clicks on the "Authorize" button.

[Image: consent screen]

Further actions

Using Logto as a third-party identity provider (IdP)