OIDC Provider

Category: Modules
Subcategory: Authentication


The OIDC Provider can be used to build a Mendix app that acts as an OpenID provider for other apps, providing a Single Sign-On (SSO) experience for the end-users of those applications. This app could also delegate authentication of end-users to another Identity provider (IdP), causing it to act as an IAM broker.

The module supports responsive browser-based applications and has been tested with applications that use the OIDC SSO module. This module can be used in Mendix version 9.22.0 and above.

The idea is that you set up a single Mendix app which uses the OIDC SSO module to authenticate end-users with your central IdP. The same app also acts as an OIDC provider for your other apps to use as the IdP for OIDC SSO. This means it is working as an IAM (Identity and Access Management) broker for authentication and, optionally, authorization. You can easily add or remove apps from the IAM Broker app within the Mendix ecosystem using an API without each app and relevant user roles having to be added to your central IdP. However, you retain all the benefits of your central IdP in controlling on- and offboarding of users.




Please see OIDC Provider in the Mendix documentation for details.


If you would like to use the OIDC Provider module, please send an email to jaap.francke@mendix.com


Version: 1.0.0
Framework Version: 9.22.0
Release Notes: - This is the initial version of the “OIDC Provider” module having platform support. This version supports the following: - Allows registration of Mendix apps via the client registration endpoint - It works/integrates with the platform-supported OIDC SSO module - It supports responsive web applications, using the common OAuth Authorization Code grant. - Your apps can be registered as an OIDC client with the OIDC Provider using the client registration API or client configuration screen - It supports the OIDC ‘nonce’ parameter, PKCE, and multiple client authentication methods ( client_secret_post, client_secret_basic) as security features - It publishes a well-known endpoint to communicate other endpoints and other IdP characteristics to client applications URL: /oidc/.well-known/openid-configuration - Supports Custom claims - Supports “scope” approach to communicate the authorization decision made by the OIDC Provider module