Open ID Connect ID Provider problem with add to defaultGroups

Enonic version: 7.13.1
OS: Windows

When I try to use the Open ID Connect ID Provider v2.0.2, for example for Google, the user is not automatically added to the default groups set in the config file:

idprovider.myoidcprovider.mappings.defaultGroups = group:myoidcprovider:google-users

It successfully authorizes and creates the user inside Enonic, but it does not add the created user to the group (google-users).

Name of the group: google-users, and it was created by me.

No alert or error is shown in the server log.

Hello Zahi,

Thank you for your report. I created the issue for that.


Hi Zahi,

Unfortunately, there is an issue in the documentation. The correct usage must be like this:
idprovider.myoidcprovider.defaultGroups = group:myoidcprovider:google-users


Thank you.
Yes, it works now.

Another problem I faced with myoidcprovider:

It works OK when I set permissions on Content and try to access it: the script redirects me to the authorization page for Google or another service, BUT BUT BUT when I try to do this at the API level it does not work. As I see, the login URL is generated, but I see an error that such a page does NOT EXIST:

    // Libraries and controller wrapper assumed from the XP docs; the post only showed the body
    var authLib = require('/lib/xp/auth');
    var portalLib = require('/lib/xp/portal');

    exports.get = function (req) {
        var user = authLib.getUser();
        if (!user) {
            // Build a login URL for the OIDC provider and send the browser there
            var loginUrl = portalLib.loginUrl({
                idProvider: 'myoidcprovider',
                redirect: req.url
            });
            log.info(loginUrl);
            return {
                redirect: loginUrl
            };
        }
    };

The resulting URL looks like this:

localhost:8080/_/idprovider/myoidcprovider/login?redirect=http%3A%2F%2Flocalhost%3A8080%2F&_ticket=f1893eb11fc3b894289d4ef8e50837e8c5bb3389

Hi, sorry for the late response.
I couldn’t reproduce it. Could you please share logs or anything else that can help reproduce it?

Hi.
AFAIK, you would normally not want to access APIs using a regular ID provider for Google. These are made for human logins. Maybe you can check out the JWT idprovider? You can also make your own custom authentication mechanism if needed.

What are you looking to do? As in, what is the use-case you are investigating?

I have tried using myoidcprovider to connect to feide.no and it works OK. When I set permissions on a content type and try to get it, I am automatically navigated to FEIDE's login page. This works OK with Content Studio and authorization succeeds.

But, for example, if I want to use the PWA starter, there I need to use the API to recognize whether the user is authorized and, if not, send them to the login page. I use this code:

    // Libraries and controller wrapper assumed from the XP docs; the post only showed the body
    var authLib = require('/lib/xp/auth');
    var portalLib = require('/lib/xp/portal');

    exports.get = function (req) {
        var user = authLib.getUser();
        if (!user) {
            var loginUrl = portalLib.loginUrl({
                idProvider: 'myoidcprovider',
                redirect: req.url
            });
            log.info(loginUrl);
            return {
                redirect: loginUrl
            };
        }
    };

But it gives out this link, which does not work:

localhost:8080/_/idprovider/myoidcprovider/login?redirect=http%3A%2F%2Flocalhost%3A8080%2F&_ticket=f1893eb11fc3b894289d4ef8e50837e8c5bb3389

Ah… I think I get it.
Where is this controller located in your app structure?

I am testing with a page's controller.

Hmm… But the page controller will be on a content item - which would normally trigger a login? Are you trying to trigger a login on a content item with “everyone can read” permissions?

Normally, the redirect will be contextual to the requested page, i.e. /site/repo/branch/my/page …

I am only testing this feature.
Variant 1
I set the page permissions to authorized users only and set the default provider to myoidcprovider. When I try to get to the content and I am not authorized, it navigates me to a link like

Log in with Feide

After I was authorized, it navigated back to the page which I had requested before.

My goal is to repeat this functionality WITH the API, for example I will be using the PWA starter. HOW do I generate a link like the one I pasted above? Earlier I sent the code which I used to generate it.

Ah… I see. I got confused when you talked about using the API. I thought you wanted to programmatically secure requests to a web API :)

The solution is simple: just return a status: 401 (not authenticated) status code from your controller.

The request pipeline is explained here: https://developer.enonic.com/docs/xp/stable/runtime/engines
Here is an overview of the response object: HTTP request and response - Enonic Developer Portal

NB! The contextual ID provider is configured in vhosts. So, if you try this on your sandbox without vhosts configured, you will get the system idprovider instead of your feide idprovider.