Home
OpenID Implementation
This document contains technical information for publishers and integrators about OpenID Connect (OIDC) protocol.
Client Application Configuration
A client application represents an application (typically a web application) of a publisher that provides services to authenticated users. Each application always belongs to one CONNECT tenant (customer). Each customer can have multiple applications.

OpenID Implementation
This document contains technical information for publishers and integrators about OpenID Connect (OIDC) protocol.
- Overview of CONNECT
  CONNECT is an Identity Management as a Service (IDaaS) platform created and managed by Wiley Partner Solutions that enables publishers to securely sign in users to their applications, using the OpenID Connect (OIDC) protocol.
- Overview of OpenID CONNECT
  The OpenID Connect (OIDC) protocol is an extension of OAuth 2.0 for use as an authentication protocol.
- Client Application Configuration
  A client application represents an application (typically a web application) of a publisher that provides services to authenticated users. Each application always belongs to one CONNECT tenant (customer). Each customer can have multiple applications.
- Metadata Document
  The OpenID Connect service is a metadata document that contains most of the information required for a client application to perform the authorization flow. This includes information such as the URLs to use and the location of the service's public signing keys.
- The Authorization Request
  When a web application needs to authenticate a user, it must direct the browser to the URL of the authorization_endpoint, specified in the application metadata. This request is also referred to as the authorization request.
- The id_token
  The id_token can be provided either in JSON format or as a signed JWT (configurable on the CONNECT side according to the client application requirements) and includes basic user profile data that allows the authentication of a user on the client application.
- Automatic Login
  The user authentication status on CONNECT can be checked by an application by issuing a "silent" authorization request.
- Retrieving User Data
  Some applications not only need to sign the user in, but also access a web service on behalf of that user using OAuth. An example of this is a service that provides additional user data than those included in the id_token.
- Scopes
- Logout
- Back Channels APIs

Client Application Configuration

A client application represents an application (typically a web application) of a publisher that provides services to authenticated users. Each application always belongs to one CONNECT tenant (customer). Each customer can have multiple applications.

To use CONNECT, a client application needs to be setup on the CONNECT side, using the following configuration:

Parameter Name	Description	Required?
Name	The application name that is displayed to users in the login form as well as when user authorization needs to be provided.	required
Redirect URLs	A list of callback URLs that can be passed by the client application in the redirect_uri parameter during an authorization request.	required
Privacy Policy URL	A URL to the publisher’s privacy policy that is included in new user account confirmation and the authorization user interface.	required
User Info Format	Controls the format of CONNECT’s response on requests to the UserInfo endpoint: JWT (default) JSON	required
JWT Configuration	JWT Format: Signed (default)/Encrypted/Plain Signature Algorithm: RS512 (default)/ RS256	required
Terms of Service URL	A URL to the publisher’s terms of service that is included in new user account confirmation and the authorization user interface.	optional
Update User Endpoint	Endpoint that CONNECT uses to send user profile updates.	optional
Delete User Endpoint	Endpoint that CONNECT uses to request user deletion.	optional
Logout Endpoint	Endpoint that CONNECT uses to terminate user sessions.	optional

For each client application, a base URL, a client_id, and a secret are generated by CONNECT. This information is used by the client applications to send requests to CONNECT using the OIDC protocol.