OIDC client workflow

OIDC client workflow automates user authentication through webhooks, enabling seamless integration with identity providers. It efficiently retrieves user information and presents personalized login and welcome pages, enhancing user experience while ensuring secure access to applications.

7/4/2025
15 nodes
Complex
Categories: Webhook Triggered, Complex Workflow
Integrations: RespondToWebhook, Sticky Note

Target Audience

This workflow is ideal for:
- Developers looking to implement OIDC (OpenID Connect) authentication in their applications.
- Businesses that need to securely authenticate users and access their profile information.
- Teams working with identity providers like Keycloak to streamline user authentication processes.
- System Integrators who require a robust solution for integrating webhooks and APIs within their applications.

Problem Solved

This workflow addresses the challenge of implementing secure user authentication using OIDC. It allows applications to:
- Efficiently obtain access tokens for user authentication.
- Retrieve user profile information securely from identity providers.
- Handle different authentication flows, including those using PKCE (Proof Key for Code Exchange) and standard authorization code flows.

Workflow Steps

1. Webhook Trigger: The workflow begins with a webhook that listens for incoming requests.
2. Set Variables: It sets up necessary variables like auth endpoint, token endpoint, and client ID needed for OIDC.
3. Check for Access Token: The workflow checks if an access token is present in the request.
4. User Authentication: If the token is present, it retrieves user info from the identity provider; if not, it prepares to display a login form.
5. Handle Login Form: If the user needs to log in, the workflow generates a login form that redirects to the auth endpoint.
6. Token Retrieval: If a code is received in the URI (and not using PKCE), it exchanges that code for an access token at the token endpoint.
7. User Info Retrieval: Once the access token is obtained, it retrieves user information.
8. Response Handling: Depending on the result, it either sends back a welcome page or the login form to the user.

Customization Guide

To customize this workflow:
- Update Endpoints: Modify the auth_endpoint, token_endpoint, and userinfo_endpoint with your identity provider's URLs.
- Client Credentials: Set your client_id and client_secret in the Set variables node.
- Scopes: Adjust the scope parameter to include any additional scopes required by your application.
- PKCE Configuration: If you want to disable PKCE, set the PKCE variable to false and ensure you provide a client_secret.
- HTML Customization: Edit the HTML content in the login form and welcome page nodes to match your branding and user interface requirements.
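
The requests behind steps 5 and 6 and the PKCE setting, as an added example that is not the workflow's own node code: it builds the authorization URL and the token request body for both the PKCE and the client_secret mode. The `redirect_uri` and `state` handling, the function names, and all hostnames and values are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed sample settings: keys mirror the workflow's variables, values are placeholders.
const cfg = {
  auth_endpoint: 'https://idp.example.test/realms/demo/protocol/openid-connect/auth',
  token_endpoint: 'https://idp.example.test/realms/demo/protocol/openid-connect/token',
  client_id: 'demo-client',
  client_secret: '',                 // only needed when PKCE is false
  scope: 'openid profile',
  redirect_uri: 'https://n8n.example.test/webhook/oidc', // assumption: the webhook URL
  PKCE: true,
};

const b64url = (buf) => buf.toString('base64url');

// RFC 7636 (S256): code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
function codeChallenge(verifier) {
  return b64url(crypto.createHash('sha256').update(verifier, 'ascii').digest());
}

// Step 5: the URL the login form sends the browser to.
function buildAuthRequest(c) {
  const state = b64url(crypto.randomBytes(16)); // binds the response to this login attempt
  const verifier = c.PKCE ? b64url(crypto.randomBytes(32)) : null; // 43 characters
  const url = new URL(c.auth_endpoint);
  url.search = new URLSearchParams({
    response_type: 'code', client_id: c.client_id, redirect_uri: c.redirect_uri,
    scope: c.scope, state,
    ...(c.PKCE && { code_challenge: codeChallenge(verifier), code_challenge_method: 'S256' }),
  }).toString();
  return { url: url.toString(), state, verifier }; // keep state and verifier for the callback
}

// Step 6: form body to POST to token_endpoint for the code returned in the URI.
function buildTokenRequest(c, code, returnedState, saved) {
  if (returnedState !== saved.state) throw new Error('state mismatch');
  if (!c.PKCE && !c.client_secret) throw new Error('client_secret required when PKCE is off');
  return new URLSearchParams({
    grant_type: 'authorization_code', code,
    redirect_uri: c.redirect_uri, client_id: c.client_id,
    // PKCE proves possession with the verifier; otherwise the client authenticates with its secret.
    ...(c.PKCE ? { code_verifier: saved.verifier } : { client_secret: c.client_secret }),
  });
}
```

The verifier and state must stay with the party that started the login and never appear in the authorization URL; only the challenge does.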