Add OAuth 2.0 Provider
This section contains step-by-step instructions for creating an OAuth 2.0 Provider in Monokee. The created provider will support only the OAuth 2.0 protocol, without OpenID Connect (OIDC) extensions.
The following steps will guide you through the process of setting up an OAuth 2.0 Provider:
Navigate to your Monokee custom fully qualified domain name (FQDN) or, if you haven't set up a custom FQDN, go to Monokee's default page and enter your domain ID. Then, enter your login credentials to access your account.
Open the left sidebar and select OAuth Providers from the menu.
This will display a two-tab page. Choose the OAUTH PROVIDER tab, then click the Add button located in the top right corner.
Within the presented modal, in the CORE tab, enter the desired Provider Name for your new provider, such as Default OAuth 2.0 Provider. Leave the Issuer untouched.
Flag the Display Metadata option to enable OAuth 2.0 Provider Metadata. The provider information can then be reached at this URL:
https://<(new.monokee.com/<domain_id>|<domain-custom-fqdn>)>/oauth2/<provider_id>/.well-known/oauth-authorization-server
In the Grant types supported option, you can select the specific grant types you wish to enable. In a standard configuration, it is advisable to choose all grant types except for implicit and password, which are generally considered to be insecure and not recommended.
In the Token endpoint authentication methods supported, Revoke endpoint authentication methods supported and Introspect endpoint authentication methods supported options, you can select the supported authentication methods for each endpoint. In a standard configuration, it is advisable to choose all the options except for the none option, which allows the endpoint to be called without authentication.
In the Supported response types section you must enable the code checkbox.
In the Supported code challenge methods section you can choose the challenge methods supported by the Proof Key for Code Exchange (PKCE) variation of the Authorization Code flow. We suggest flagging only S256 to improve security.
In the Scopes section you can insert the needed scopes. For example, insert the test and admin scopes in the combobox.
Click on the ADVANCED tab to see the full list of endpoints supported by the provider. It is important to note that, in most cases, these endpoints should remain unchanged, except for rare circumstances where endpoint overwriting is necessary.
In the Supported response modes select, choose all the options (query, fragment and form_post) to enable your provider for all scenarios.
In the Supported languages for the interfaces, insert your supported languages, for example en-US and it-IT.
Click the bottom right Save button to save the configuration.
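Once the provider is saved with Display Metadata enabled, the published metadata document can be checked against the recommendations in the steps above. The following is an added example, not Monokee code: it assumes the document uses the standard RFC 8414 field names, and the two sample documents, the idp.example host and the PROVIDER_ID value are constructed placeholders.

```python
import json

# RFC 8414 metadata fields -> values the steps above advise leaving unchecked.
DISCOURAGED = {
    "grant_types_supported": {"implicit", "password"},
    "token_endpoint_auth_methods_supported": {"none"},
    "revocation_endpoint_auth_methods_supported": {"none"},
    "introspection_endpoint_auth_methods_supported": {"none"},
}
# RFC 8414 default when the field is absent: the implicit grant is assumed.
RFC_DEFAULTS = {"grant_types_supported": ["authorization_code", "implicit"]}


def audit_metadata(doc):
    """Return findings where the metadata deviates from the advice above."""
    findings = []
    for field, bad in DISCOURAGED.items():
        values = set(doc.get(field, RFC_DEFAULTS.get(field, [])))
        for value in sorted(values & bad):
            findings.append(f"{field}: {value} is enabled")
    if "code" not in doc.get("response_types_supported", []):
        findings.append("response_types_supported: code is missing")
    # An absent field means the server advertises no PKCE support at all.
    pkce = set(doc.get("code_challenge_methods_supported", []))
    if "S256" not in pkce:
        findings.append("code_challenge_methods_supported: S256 is missing")
    for value in sorted(pkce - {"S256"}):
        findings.append(f"code_challenge_methods_supported: {value} is enabled")
    return findings


# Constructed sample documents (not real Monokee output).
HARDENED = json.loads("""{
  "issuer": "https://idp.example/oauth2/PROVIDER_ID",
  "grant_types_supported": ["authorization_code", "refresh_token", "client_credentials"],
  "token_endpoint_auth_methods_supported": ["client_secret_basic", "private_key_jwt"],
  "response_types_supported": ["code"],
  "code_challenge_methods_supported": ["S256"]
}""")
WEAK = json.loads("""{
  "issuer": "https://idp.example/oauth2/PROVIDER_ID",
  "token_endpoint_auth_methods_supported": ["client_secret_basic", "none"],
  "response_types_supported": ["code"],
  "code_challenge_methods_supported": ["plain", "S256"]
}""")

if __name__ == "__main__":
    for name, doc in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_metadata(doc) or "OK")
```

The WEAK sample omits grant_types_supported on purpose: under RFC 8414 an absent list defaults to authorization_code and implicit, so the check reports implicit even though it is never listed.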