OpenID Connect

From WHMCS Documentation

OpenID Connect is the standard for single sign-on and identity provisioning on the internet. It uses JSON-based identity tokens (JWT) via the OAuth 2.0 protocol. In order to perform single sign-on through OpenID using WHMCS as an authentication provider, applications must use details that your WHMCS installation generates.

You can access this feature at Configuration () > System Settings > OpenID Connect.

More Information

Generating Credentials

To generate a new set of credentials:

  1. Click Generate New Client API Credentials.
  2. Enter a name, description, URL, and any authorized redirect URIs (see below).
  3. Click Generate Credentials.

When the page reloads, the Client ID and Client Secret values will display in the Client API Credentials section.

If you add or change any information after initially generating the credentials, make certain that you click Save Changes.

Set the Authorized Redirect URIs

WHMCS uses the redirect URI(s) that you add as a canonical list of approved redirect locations for the credentials. When a referring application makes a request, it must provide a redirect location. WHMCS will verify that that location is in the canonical list and will use it after the user has provided authentication and authorization.

To find the specified redirect URIs for your OAuth 2.0 credentials, follow these steps:

  1. Click Manage for your credentials.
  2. Find the Authorized Redirect URIs section.
  3. Make any desired changes.
    • Click Remove to delete a URI.
    • Click Add Another to add more URIs.
  4. When you have finished updating your URIs, click Save Changes.

Generate a New Client Secret

The client secret can be regenerated if, for example, you want to rotate it for security reasons.

To reset the client secret, follow these steps:

  1. Click Manage for your credentials.
  2. Click Reset Client Secret.
  3. Click OK.

The previous secret will immediately become invalid and the page will re-load displaying the new secret. Don't forget to set this new secret value at the referring application.