OIDC Clients


Authorized CILogon subscribers may use their COmanage Registry profile to register and manage OIDC clients. Log into your Registry and then select "OIDC Clients" from the left menu. CO administrators should select "Configuration" and then "OIDC Clients". If you do not see the "OIDC Clients" menu item, contact your CO administrator to request permission to create and manage OIDC clients, or mail help@cilogon.org.

Creating a New Client

On the right, click "Add a New OIDC Client" to open the request form.

Fill in the form with your client details including Name, Home URL, Contact Email Address, and Callback URLs.

If your CO offers any special, customized client configurations, tick the box for "Use a Named Configuration" to display the available custom or named configurations. Hover over the name of a configuration to see a more detailed description of it. Tick the box for the named configuration you want to apply to your client.

If you choose not to use a named configuration, or your CO does not offer any, you must select which scopes to request. See this CILogon OIDC page for details on scopes. You may also map LDAP attributes, populated by COmanage Registry, to OIDC claims to add custom claims (e.g. group membership) or to override claims provided by the upstream login server (such as name or email address).

You may choose to enable Refresh Tokens and set the token lifetime. See this CILogon OIDC page for details on refresh tokens.

To submit the form and create your client configuration, click "ADD". Record the client ID and secret. Be sure to securely escrow the client secret, since it is not saved by CILogon. If you lose the client secret, you will have to create a new client.

For full details on the CILogon OIDC and OAuth2 endpoints, scopes, tokens, claims, and how to use curl to test your client, see this CILogon OIDC page.


Changing a Client Configuration

Click the "Edit" button next to the client ID of the client configuration you wish to change. Use the form to adjust or change details of the current configuration and then click "SAVE" to save the new configuration. The new configuration becomes active immediately.

For full details on the CILogon OIDC and OAuth2 endpoints, scopes, tokens, claims, and how to use curl to test your client, see this CILogon OIDC page.