Available in v3.4.0 and later.
Accounts using the same email are linked together. This assumes that you are using a trusted identity provider that uses verified email addresses.

OpenID Connect (OIDC)

If your identity provider supports OAuth 2.0 based authentication with OpenID Connect (OIDC), you can use it to authenticate users on your Rallly instance.

Required Scopes

Your OAuth 2.0 application needs to be configured with the following scopes:
  • openid: Essential for OIDC to function, used to perform authentication.
  • profile: Access to the user’s personal information such as name and picture.
  • email: Access to the user’s email address.

Callback URL / Redirect URI

Your identity provider should redirect the user back to the following URL:
{BASE_URL}/api/auth/callback/oidc
Replace {BASE_URL} with the base URL of your Rallly instance and add it to the list of allowed redirect URIs.

Configuration

The following configuration options are available for OIDC. All required fields must be set for OIDC to be enabled.
OIDC_NAME
default:"OpenID Connect"
The display name of your provider as it will be shown on the login page
OIDC_DISCOVERY_URL
required
URL of the .well-known/openid-configuration endpoint for your OIDC provider
OIDC_CLIENT_ID
required
The client ID of your OIDC application
OIDC_CLIENT_SECRET
required
The client secret of your OIDC application
OIDC_NAME_CLAIM_PATH
default:"name"
The path to the claim that contains the user’s name
OIDC_EMAIL_CLAIM_PATH
default:"email"
The path to the claim that contains the user’s email address
OIDC_PICTURE_CLAIM_PATH
default:"picture"
The path to the claim that contains the user’s profile picture
Use dot notation in _CLAIM_PATH fields to access nested objects.