SqlOS

AuthServer

Custom OIDC

Connect any OIDC-compliant provider.

2 sections

Discovery-based setup#

For providers that publish a .well-known/openid-configuration endpoint (Okta, Auth0, Keycloak, etc.):

BASH
curl -X POST http://localhost:5062/sqlos/admin/auth/api/oidc-connections \
  -H "Content-Type: application/json" \
  -d '{
    "providerType": "custom",
    "displayName": "Okta",
    "clientId": "YOUR_CLIENT_ID",
    "clientSecret": "YOUR_CLIENT_SECRET",
    "discoveryUrl": "https://your-org.okta.com/.well-known/openid-configuration"
  }'

SqlOS fetches the authorization, token, and userinfo endpoints automatically from the discovery document.

Manual configuration#

For providers without a discovery endpoint:

BASH
curl -X POST http://localhost:5062/sqlos/admin/auth/api/oidc-connections \
  -H "Content-Type: application/json" \
  -d '{
    "providerType": "custom",
    "displayName": "Custom Provider",
    "clientId": "YOUR_CLIENT_ID",
    "clientSecret": "YOUR_CLIENT_SECRET",
    "authorizationEndpoint": "https://provider.com/authorize",
    "tokenEndpoint": "https://provider.com/token",
    "userinfoEndpoint": "https://provider.com/userinfo"
  }'

Enable and set the callback URI as with any other provider. See OIDC Social Login for the complete auth flow.