Open ID Connect Authentication

This section guides you through authenticating your users via the Open ID Connect protocol. Authentication with Open ID requires configuration in EMS Mobile App before users can authenticate.

For more information about how Open ID can be hosted or pre-configured in the EMS Mobile App, see Open ID Connect Authentication Can Be Hosted or Pre-Configured in the EMS Mobile App.


OpenID authentication configuration requires two inputs: 

  1. User Info Endpoint. The EMS Platform Services will send the access_token to this endpoint to retrieve information about the end user.
  2. Specify whether the EMS Platform Services should make a GET or POST request to the userinfo endpoint.

Register Your EMS Mobile App with IdP

This is your responsibility. The client_id generated by this registration is required. 

Customize Your Configuration

Follow the steps below to customize your Open ID Connect configuration.

Create a Configuration File

  1. Refer to Customize Your Mobile App Configuration Using config.json for details on building a configuration file for EMS Mobile App.
  2. Once you have created your configuration file, proceed with one of the sections below, depending on whether you intend to host the file or pre-configure the application and redistribute it.

Use Hosted Configuration

Host your configuration file on a web server and distribute the URL to your end users via the Import SSO Config feature in EMS Mobile App. Users should only have to perform this import one time per installation of the application.

Important!

We do not recommend making this configuration file available publicly, since it will likely have URLs and/or other information in it that you do not want made available. Instead, host the file such that it is only available internally to your organization.

Pre-Configure EMS Mobile App

If you want to pre-configure the mobile app, see Configure and Re-Sign the EMS Mobile App.

Test Your Open ID Connect Configuration

Assuming you have installed the EMS Platform Services API at https://ems.yourcompany.com/endpoint, then you can test the configuration with a simple curl command:

curl -X GET -H 'x-ems-consumer: MobileApp' https://ems.yourcompany.com/endpoint/api/v1/health

You can also use the API's Swagger interface to accomplish this goal.

You should see a portion of the JSON response that looks like this (unrelated details omitted for brevity):

{
    ...
    "additionalProperties": {
        "authConfig": {
            "activities": "openId",  // <-- these are the critical lines
            "ui":"openId"
        }
    }
}
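
A scripted version of this check, as an added example that is not part of the EMS documentation: it parses a health response body and reports which authConfig key, if any, is not set to openId. The function name, the sample bodies and the non-openId value are constructed for illustration.

```python
import json

EXPECTED = "openId"  # value the page marks as critical for both keys


def check_auth_config(health_body: str) -> list:
    """Return a list of problems; an empty list means both keys are openId."""
    try:
        doc = json.loads(health_body)
    except json.JSONDecodeError as exc:
        return [f"response is not valid JSON: {exc.msg}"]

    # Walk additionalProperties -> authConfig, tolerating missing or null levels.
    props = doc.get("additionalProperties") if isinstance(doc, dict) else None
    auth = props.get("authConfig") if isinstance(props, dict) else None
    if not isinstance(auth, dict):
        return ["additionalProperties.authConfig is missing"]

    problems = []
    for key in ("activities", "ui"):
        value = auth.get(key)
        if value != EXPECTED:
            problems.append(f"authConfig.{key} is {value!r}, expected {EXPECTED!r}")
    return problems


# Constructed sample bodies (not captured from a real EMS deployment).
GOOD = json.dumps(
    {"additionalProperties": {"authConfig": {"activities": "openId", "ui": "openId"}}}
)
# Only one of the two keys switched over; "placeholderValue" is a made-up value.
PARTIAL = json.dumps(
    {"additionalProperties": {"authConfig": {"activities": "openId", "ui": "placeholderValue"}}}
)

if __name__ == "__main__":
    for name, body in (("good", GOOD), ("partial", PARTIAL), ("empty", "{}")):
        issues = check_auth_config(body)
        print(name, "OK" if not issues else issues)
```

Feed it the body returned by the health request above; a non-empty result means the Open ID Connect configuration has not fully taken effect.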

Test Your Open ID Connect Authentication

Assuming you have installed the EMS Platform Services API at https://ems.yourcompany.com/endpoint, you can test the authentication with a curl command:

curl -X POST -H 'x-ems-consumer: MobileApp' -H 'Content-Type: application/json' -d '{"token": "your_access_token"}' https://ems.yourcompany.com/endpoint...authentication

...where your_access_token is a valid access_token retrieved from your IdP.

api/v1/authentication is the endpoint within the API where your request must be sent.