Stay organized with collections
Save and categorize content based on your preferences.
The [OIDC](https://openid.net/specs/openid-connect-core-1_0-final.html) Auth provider configuration interface. An OIDC provider can be created via BaseAuth.createProviderConfig().
This is the required client ID used to confirm the audience of an OIDC provider's [ID token](https://openid.net/specs/openid-connect-core-1_0-final.html#IDToken).
This is the required provider issuer used to match the provider issuer of the ID token and to determine the corresponding OIDC discovery document, eg. [/.well-known/openid-configuration](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig). This is needed for the following:
To verify the provided issuer.
Determine the authentication/authorization endpoint during the OAuth id_token authentication flow.
To retrieve the public signing keys via jwks_uri to verify the OIDC provider's ID token's signature.
To determine the claims_supported to construct the user attributes to be returned in the additional user info response.
ID token validation will be performed as defined in the [spec](https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation).
The OIDC provider's response object for OAuth authorization flow.
OIDCAuthProviderConfig.clientId
This is the required client ID used to confirm the audience of an OIDC provider's [ID token](https://openid.net/specs/openid-connect-core-1_0-final.html#IDToken).
Signature:
clientId:string;
OIDCAuthProviderConfig.clientSecret
The OIDC provider's client secret to enable OIDC code flow.
Signature:
clientSecret?:string;
OIDCAuthProviderConfig.issuer
This is the required provider issuer used to match the provider issuer of the ID token and to determine the corresponding OIDC discovery document, eg. [/.well-known/openid-configuration](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig). This is needed for the following:
To verify the provided issuer.
Determine the authentication/authorization endpoint during the OAuth id_token authentication flow.
To retrieve the public signing keys via jwks_uri to verify the OIDC provider's ID token's signature.
To determine the claims_supported to construct the user attributes to be returned in the additional user info response.
ID token validation will be performed as defined in the [spec](https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation).
Signature:
issuer:string;
OIDCAuthProviderConfig.responseType
The OIDC provider's response object for OAuth authorization flow.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2022-07-29 UTC."],[],[],null,["# OIDCAuthProviderConfig interface\n\nThe \\[OIDC\\](https://openid.net/specs/openid-connect-core-1_0-final.html) Auth provider configuration interface. An OIDC provider can be created via [BaseAuth.createProviderConfig()](./firebase-admin.auth.baseauth.md#baseauthcreateproviderconfig).\n\n**Signature:** \n\n export interface OIDCAuthProviderConfig extends BaseAuthProviderConfig \n\n**Extends:** [BaseAuthProviderConfig](./firebase-admin.auth.baseauthproviderconfig.md#baseauthproviderconfig_interface)\n\nProperties\n----------\n\n| Property | Type | Description |\n|----------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| [clientId](./firebase-admin.auth.oidcauthproviderconfig.md#oidcauthproviderconfigclientid) | string | This is the required client ID used to confirm the audience of an OIDC provider's \\[ID token\\](https://openid.net/specs/openid-connect-core-1_0-final.html#IDToken). |\n| [clientSecret](./firebase-admin.auth.oidcauthproviderconfig.md#oidcauthproviderconfigclientsecret) | string | The OIDC provider's client secret to enable OIDC code flow. |\n| [issuer](./firebase-admin.auth.oidcauthproviderconfig.md#oidcauthproviderconfigissuer) | string | This is the required provider issuer used to match the provider issuer of the ID token and to determine the corresponding OIDC discovery document, eg. \\[`/.well-known/openid-configuration`\\](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig). This is needed for the following: - To verify the provided issuer. - Determine the authentication/authorization endpoint during the OAuth `id_token` authentication flow. - To retrieve the public signing keys via `jwks_uri` to verify the OIDC provider's ID token's signature. - To determine the claims_supported to construct the user attributes to be returned in the additional user info response. ID token validation will be performed as defined in the \\[spec\\](https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation). |\n| [responseType](./firebase-admin.auth.oidcauthproviderconfig.md#oidcauthproviderconfigresponsetype) | [OAuthResponseType](./firebase-admin.auth.oauthresponsetype.md#oauthresponsetype_interface) | The OIDC provider's response object for OAuth authorization flow. |\n\nOIDCAuthProviderConfig.clientId\n-------------------------------\n\nThis is the required client ID used to confirm the audience of an OIDC provider's \\[ID token\\](https://openid.net/specs/openid-connect-core-1_0-final.html#IDToken).\n\n**Signature:** \n\n clientId: string;\n\nOIDCAuthProviderConfig.clientSecret\n-----------------------------------\n\nThe OIDC provider's client secret to enable OIDC code flow.\n\n**Signature:** \n\n clientSecret?: string;\n\nOIDCAuthProviderConfig.issuer\n-----------------------------\n\nThis is the required provider issuer used to match the provider issuer of the ID token and to determine the corresponding OIDC discovery document, eg. \\[`/.well-known/openid-configuration`\\](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig). This is needed for the following:\n\n- To verify the provided issuer.\n- Determine the authentication/authorization endpoint during the OAuth `id_token` authentication flow.\n- To retrieve the public signing keys via `jwks_uri` to verify the OIDC provider's ID token's signature.\n- To determine the claims_supported to construct the user attributes to be returned in the additional user info response.\n\nID token validation will be performed as defined in the \\[spec\\](https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation).\n\n\u003cbr /\u003e\n\n**Signature:** \n\n issuer: string;\n\nOIDCAuthProviderConfig.responseType\n-----------------------------------\n\nThe OIDC provider's response object for OAuth authorization flow.\n\n**Signature:** \n\n responseType?: OAuthResponseType;"]]
