Custom OIDC
Connect any OIDC-compliant provider.
Discovery-based setup
For providers that publish a .well-known/openid-configuration endpoint (Okta, Auth0, Keycloak, etc.):
curl -X POST http://localhost:5062/sqlos/admin/auth/api/oidc-connections \
-H "Content-Type: application/json" \
-d '{
"providerType": "custom",
"displayName": "Okta",
"clientId": "YOUR_CLIENT_ID",
"clientSecret": "YOUR_CLIENT_SECRET",
"discoveryUrl": "https://your-org.okta.com/.well-known/openid-configuration"
}'
SqlOS fetches the authorization, token, and userinfo endpoints automatically from the discovery document.
Manual configuration
For providers without a discovery endpoint:
curl -X POST http://localhost:5062/sqlos/admin/auth/api/oidc-connections \
-H "Content-Type: application/json" \
-d '{
"providerType": "custom",
"displayName": "Custom Provider",
"clientId": "YOUR_CLIENT_ID",
"clientSecret": "YOUR_CLIENT_SECRET",
"authorizationEndpoint": "https://provider.com/authorize",
"tokenEndpoint": "https://provider.com/token",
"userinfoEndpoint": "https://provider.com/userinfo"
}'
Enable and set the callback URI as with any other provider. See OIDC Social Login for the complete auth flow.