Guides

Quick start
Authenticate the user
Authority management for users
Authorization
Manage user accounts
Manage User Directory
Management Application
Become a source of federal authentication identity
Connect to an external identity provider (IdP)
- Social Identity Provider
- Enterprise Identity Provider
- Custom database
Open up WeChat ecology
Migrate users to Authing
Management organization
Expandable capabilities
Audit Log
Configure security information
Configure user pool information
Deployment plan
Frequently Asked Questions FAQs

¶ OAuth2.0 Identity Source

Update Time: 2025-06-11 08:01:00

Edit

¶ Introduction

Overview：OAuth2.0 is an authorization standard protocol. When a user logs in to a third-party application, the user can securely authorize the data to the caller by using the OAuth2.0 protocol. It allows users to access multiple applications while providing credentials (such as user ID and password) to the central CAS server application only once. Authing supports the authentication capability of the OAuth2.0 protocol, and the user only needs to provide the OAuth2.0 authentication service. After configuring the OAuth2.0 identity source, you can use it to complete the single sign-on and logout functions.
Application scenarios：PC Website
End-User Preview：

¶ Precautions：

Requires a service that supports OAuth2.0 protocol capabilities;
If you do not have an Authing console account, please go to the Authing Console (opens new window) to register a developer account;

¶ Step1：Create An OAuth2.0 Identity Source

The third-party login provided by many existing websites follows the OAuth2.0 standard protocol. Many websites may have inconsistent processing details and can be extended based on the OAuth2.0 protocol, but the overall authorization and authentication process is the same. So you can use a third-party login application that supports OAuth2.0 authentication as an identity source.

If there is no available identity source, Authing can also be used as an OAuth2.0 identity source, and other systems can access Authing as an identity provider through the OAuth2.0 protocol. For details, please refer to: Become an OAuth2.0 Identity Source (opens new window).

¶ Step 2: Configure the OAuth2.0 identity source in the Authing console

2.1 Open the Authing console and enter the user pool that you want to connect to the OAuth2.0 identity source, here called "User Pool B". On the left menu, select Connect to Identity Source > Enterprise Identity Source, and select Create Enterprise Identity Source on the right panel.

2.2 Find "OAuth2.0" in the right panel and click it.

2.3 According to the configuration requirements of OAuth2.0, fill in the configuration content required by the OAuth2.0 protocol.

NO.	Fields/Function	Description
2.3.1	Uniquely Identifies	a. The unique identifier consists of lowercase letters, numbers, and -, and the length is less than 32 digits. b. This is the unique identifier of this connection and cannot be modified after setting.
2.3.2	Display Name	This name will be displayed on the button on the end user's login screen.
2.3.3	Application Logo	The identity source logo displayed on the login screen button.
2.3.4	Authorization URL	The URL used to initiate an authentication request to the CAS IdP. Fill in the "Login Endpoint" recorded earlier.
2.3.5	Token URL	The URL used to obtain identity information from the CAS IdP. Fill in the previously recorded "service ticket verification endpoint (CAS 2.0").
2.3.6	Authorization Scope	The authorization scope carried in the authorization request.
2.3.7	Client ID	The Client ID of your OpenID Connect provider.
2.3.8	Client Secret	The Client Secret of your OpenID Connect provider.
2.3.9	Authorization Link Template	The concatenated authorization URL is used to request an authorization request link to be automatically generated.
2.3.10	Code for Token script	A script to exchange Code for Token required in the authorization process.
2.3.11	Token change user script	A script to exchange the token required during the authorization process for user information.
2.3.12	Login Mode	After enabling the "Login Only Mode", you can only log in to an existing account and cannot create a new account. Please choose carefully.
2.3.13	Account identity association	When "Account Identity Association" is not enabled, a new user is created by default when a user logs in through an identity source. After enabling "Account Identity Association", you can allow users to log in to existing accounts directly through "Field Matching" or "Asking for Binding".

After the configuration is complete, click the "Save" button to complete the creation.

¶ Step 3: Development Access

Recommended development access method: use the hosted login page
Description of advantages and disadvantages: Simple operation and maintenance, Authing is responsible for operation and maintenance. Each user pool has an independent second-level domain name; if you need to embed it into your application, you need to use the pop-up mode to log in, that is: after clicking the login button, a window will pop up, the content is the login page hosted by Authing, or the browser The server redirects to the login page hosted by Authing.
Detailed access method:

3.1 Create an app in the Authing console. For details, see: How to create an app in Authing.

3.2 On the created OAuth2.0 identity source connection details page, open and associate an application created in the Authing console.

3.3 Experience OAuth2.0 enterprise login on the login page.

Prev: OIDC Next: LDAP