Product: PowerShell Universal
Version: 5.3
Reading the manual: OpenID Connect | PowerShell Universal
I understand this text as an OR not an AND.
Meaning I can either configure it through the UI (which in turn fills in authentication.ps1) or I do it with the appsettings.json.
When I provide the following into the UI, it works:
Set-PSUAuthenticationMethod -Type "OpenIDConnect" -CallbackPath "/auth/signin-oidc" -ClientId "x" -ClientSecret "x" -Authority "https://login.microsoftonline.com/xxx" -UseTokenLifetime $true -GetClaimsFromUserInfoEndpoint $true -LoadMetadata
Important to note, if I directly paste this line into the authentication.ps1 without filling in the UI, it does not work! You have to add the option via the UI. I assume somehow, something gets written to the database?
Now, for the second part, appsettings.json:
{
  "Kestrel": {
    "Endpoints": {
      "HTTP": {
        "Url": "http://*:5000"
      },
      "HTTPS": {
        "Url": "https://*:443",
        "Certificate": {
          "Thumbprint": "xxx",
          "Store": "My",
          "Location": "LocalMachine",
          "AllowInvalid": "true"
        }
      }
    }
  },
  "Plugins": [
    "SQLite"
  ],
  "Data": {
    "RepositoryPath": "%ProgramData%\\UniversalAutomation\\Repository",
    "ConnectionString": "Data Source=%ProgramData%\\UniversalAutomation\\database.db"
  },
  "Mode": "Server",
  "PSUTelemetry": false,
  "OIDC": {
    "Enabled": true,
    "CallbackPath": "/auth/signin-oidc",
    "ClientID": "xxx",
    "ClientSecret": "xxx",
    "Authority": "https://login.microsoftonline.com/xxx",
    "ResponseType": "code",
    "SaveTokens": false,
    "CorrelationCookieSameSite": "",
    "UseTokenLifetime": true,
    "Scope": "openid profile groups",
    "GetUserInfo": true
  },
  "Logging": {
    "Path": "%PROGRAMDATA%/PowerShellUniversal/log.txt",
    "RetainedFileCountLimit": 31,
    "LogLevel": {
      "Default": "Debug",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    }
  },
  "AllowedHosts": "*",
  "CorsHosts": "https://login.microsoftonline.com"
}
This does nothing, even though I know my values work with the UI option.
Is it supposed to work or did I misunderstand the documentation?