OpenID Connect (OIDC) is an identity layer built on top of the OAuth 2.0 protocol. It allows clients to verify the identity of end-users based on authentication performed by an authorization server, as well as to obtain basic profile information about the end-user in an interoperable and REST-like manner.
The OIDC plugin:
- Connects to OpenID Connect identity providers and extracts cryptographic assets from their public endpoints (the discovery document at `/.well-known/openid-configuration` and the JWK Set published at its `jwks_uri`).
- Retrieves key metadata (key ID, key type, algorithm, intended use) and validates key formats.
- Exports certificate and public key data in PEM format along with comprehensive metadata.

Note: The OIDC plugin does not support incremental scanning; every run re-scans the provider's full key set.
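The following is an added, offline illustration of the scan described above (it is example code written for this page, not the plugin's own implementation): a constructed discovery document is checked for an `issuer` match and an HTTPS `jwks_uri`, and a constructed JWK Set is validated and exported as SubjectPublicKeyInfo PEM with metadata. The issuer `https://idp.example.com`, the key IDs and the key material are all made-up sample data; the RSA modulus is a 2048-bit filler value, not a real key. DER encoding is done by hand so the example needs only the standard library.

```python
"""Offline walk-through of an OIDC key scan: discovery doc -> jwks_uri -> JWKS -> PEM + metadata.
All inputs below are constructed samples; nothing is fetched from the network."""
import base64
import hashlib
from urllib.parse import urlparse


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def der_tlv(tag: int, body: bytes) -> bytes:
    """Tag-length-value with definite-length DER encoding."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body


def der_int(n: int) -> bytes:
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big") or b"\x00"
    if raw[0] & 0x80:  # pad so the INTEGER stays positive
        raw = b"\x00" + raw
    return der_tlv(0x02, raw)


def to_pem(der: bytes, label: str) -> str:
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


OID_RSA = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption
OID_EC = bytes.fromhex("06072a8648ce3d0201")       # id-ecPublicKey
CURVES = {  # crv -> (namedCurve OID, fixed coordinate length per RFC 7518)
    "P-256": (bytes.fromhex("06082a8648ce3d030107"), 32),
    "P-384": (bytes.fromhex("06052b81040022"), 48),
    "P-521": (bytes.fromhex("06052b81040023"), 66),
}


def jwk_to_spki_der(jwk: dict) -> bytes:
    """Validate a JWK's format and build its SubjectPublicKeyInfo DER."""
    kty = jwk.get("kty")
    if kty == "RSA":
        n = int.from_bytes(b64url_decode(jwk["n"]), "big")
        e = int.from_bytes(b64url_decode(jwk["e"]), "big")
        if e < 3 or e % 2 == 0 or n.bit_length() < 1024:
            raise ValueError(f"malformed RSA key: {n.bit_length()} bits, e={e}")
        alg_id = der_tlv(0x30, OID_RSA + b"\x05\x00")
        pub = der_tlv(0x30, der_int(n) + der_int(e))
    elif kty == "EC":
        if jwk.get("crv") not in CURVES:
            raise ValueError(f"unsupported curve {jwk.get('crv')!r}")
        curve_oid, size = CURVES[jwk["crv"]]
        x, y = b64url_decode(jwk["x"]), b64url_decode(jwk["y"])
        if len(x) != size or len(y) != size:
            raise ValueError("EC coordinate length does not match curve")
        alg_id = der_tlv(0x30, OID_EC + curve_oid)
        pub = b"\x04" + x + y  # uncompressed point
    else:
        raise ValueError(f"unsupported kty {kty!r}")
    return der_tlv(0x30, alg_id + der_tlv(0x03, b"\x00" + pub))


def discover_jwks_uri(issuer: str, discovery_doc: dict) -> str:
    """Checks a scanner should apply to /.well-known/openid-configuration before trusting jwks_uri."""
    if discovery_doc.get("issuer") != issuer:
        raise ValueError(f"issuer mismatch: expected {issuer}, got {discovery_doc.get('issuer')}")
    jwks_uri = discovery_doc.get("jwks_uri")
    if not jwks_uri or urlparse(jwks_uri).scheme != "https":
        raise ValueError("jwks_uri missing or not https")
    return jwks_uri


def extract_keys(jwks: dict) -> list:
    """Turn each JWK in a JWKS into PEM plus the metadata worth inventorying."""
    out = []
    for jwk in jwks.get("keys", []):
        der = jwk_to_spki_der(jwk)
        entry = {
            "kid": jwk.get("kid"), "kty": jwk["kty"], "alg": jwk.get("alg"), "use": jwk.get("use"),
            "spki_sha256": hashlib.sha256(der).hexdigest(),
            "public_key_pem": to_pem(der, "PUBLIC KEY"),
            # x5c entries are plain base64 (not base64url) DER certificates, leaf first
            "certificates_pem": [to_pem(base64.b64decode(c), "CERTIFICATE") for c in jwk.get("x5c", [])],
        }
        if jwk["kty"] == "RSA":
            entry["bits"] = int.from_bytes(b64url_decode(jwk["n"]), "big").bit_length()
        else:
            entry["crv"] = jwk["crv"]
        out.append(entry)
    return out


# Constructed sample inputs (not real provider data).
ISSUER = "https://idp.example.com"
DISCOVERY_DOC = {"issuer": ISSUER, "jwks_uri": ISSUER + "/.well-known/jwks.json"}
_N = int.from_bytes(hashlib.sha256(b"sample").digest() * 8, "big") | (1 << 2047) | 1  # 2048-bit filler, not a real modulus
SAMPLE_JWKS = {"keys": [
    {"kty": "RSA", "kid": "rsa-2024", "use": "sig", "alg": "RS256",
     "n": b64url_encode(_N.to_bytes(256, "big")), "e": b64url_encode(b"\x01\x00\x01")},
    {"kty": "EC", "kid": "ec-2024", "use": "sig", "alg": "ES256", "crv": "P-256",
     "x": b64url_encode(b"\x01" * 32), "y": b64url_encode(b"\x02" * 32)},
]}

if __name__ == "__main__":
    print("jwks_uri:", discover_jwks_uri(ISSUER, DISCOVERY_DOC))
    for k in extract_keys(SAMPLE_JWKS):
        print({key: v for key, v in k.items() if key not in ("public_key_pem", "certificates_pem")})
        print(k["public_key_pem"])
```

The issuer check matters because a provider that serves a discovery document whose `issuer` does not match the URL it was fetched from is either misconfigured or being impersonated; rejecting it is what the OIDC Discovery spec requires of relying parties and is a sensible stance for a scanner too. The SPKI SHA-256 gives a stable fingerprint for tracking the same key across scans even when `kid` values are reused.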
The plugin works with any standards-compliant OIDC provider, including:

| OIDC Provider | Login URL |
|---|---|
| Google Identity Platform | https://accounts.google.com/ |
| Microsoft Azure AD | https://login.microsoftonline.com/{tenant} |
| Auth0 | https://{domain}.auth0.com |
| GitHub Actions | https://token.actions.githubusercontent.com/ |
| Amazon Cognito | https://cognito-idp.{region}.amazonaws.com/{userPoolId} |
| Keycloak | https://{keycloak-server}/auth/realms/{realm} |
| Okta | https://{domain}.okta.com/oauth2/default |

Note: The `/auth` prefix in the Keycloak URL is the legacy context path. Keycloak 17 and later serve realms at `https://{keycloak-server}/realms/{realm}` unless the server was started with the legacy path enabled.