...
Each database server has a corresponding OIDC server instance, so to fetch a token, embedder should connect to a chosen OIDC server's authorize endpoint. Our integrating solution supports OIDC implicit or code grant type. We recommend using implicit in browser web application and code in desktop/mobile apps.
Registration
Embedders should register their application with us beforehand. This registration is currently manual. As a result, embedders will have a set of credentials which will identify (client) application during token henting. Such credentials include client_id, client_secret (if applicable) and one or multiple redirect_uri.
1. Implicit grant
The following parameters are required in such OIDC request:
response_type: tokenclient_id: drofus-embedded your_client_id(previously registered)scope: dr-stdredirect_uri: has to match oneyour_redirect_uri(previously registered.)dbandpr: database name and project number (eg, "01", "02", etc.). These are not standard OIDC parameters, but required by Drofus login procedure.
...
response_type: codeclient_id: drofus-embedded-app your_client_id(previously registered)client_secret:Contact us and will provide youyour_client_secret(as cleartext, previously registered)scope: dr-stdredirect_uri:http://localhost:5678/landingor has to match one previously registered.your_redirect_uri(previously registered)
Remark: If code grant is used in a web application, redirect_uri must be a valid URL pointing to a web application the embedders control and thus has to be registered same way as with implicit grant. Redirect URI has less importance in apps and any URI can be used, does not need to point to an actual website. But still, must be filled and match previously registered one
dbandpr: database name and project number (eg, "01", "02", etc.). These are not standard OIDC parameters, but required by Drofus login procedure.
...