Appearance
OpenID Connect (Authentication System)
OpenID Connect lets you connect WeWeb to an identity provider that supports OIDC (for example Okta, Azure AD, or Keycloak).
What this system supports
- Redirect-based sign in
- Optional scopes (defaults to
openid profile email) - Session stored in the user’s browser (so users stay signed in)
Set up your identity provider
In your provider dashboard:
- Create an OpenID Connect application.
- Add allowed URLs for each environment (preview, staging, production) so redirects work.
- Copy the values you need:
Issuer URLClient ID- (Optional) scopes you want to request
Connect OpenID Connect in WeWeb
- Go to
Data & API → Authentication. - A) If this is your first time opening the
Authenticationarea, chooseOpenID Connectwhen prompted. - B) If this is not your first time, open
Configuration, clickSwitch authentication system, then selectOpenID Connect.
- A) If this is your first time opening the
- Create/select a
Connection(per environment). - Fill:
Issuer URLClient IDScopes(Optional)
Test sign in
- Add a login flow in the
Interfacetab using the OpenID Connect actions. - Preview and sign in.
- Confirm the user is authenticated and protected content behaves as expected.
For page and API protection, see Users and roles →.
Common pitfalls
Redirect URI mismatch
If the provider shows a redirect error, the allowed redirect URL in the provider dashboard does not match the environment URL you are testing on. Copy the exact URL from your browser and add it to the provider’s allowed redirect URLs.
Missing email
Some providers do not return an email address unless you request the right scope. If you need email, include email in Scopes.
Reference
Connection fields
| Field | Description |
|---|---|
Issuer URL | Provider URL used for discovery (via /.well-known/openid-configuration) |
Client ID | Client ID for your OIDC application |
Scopes | Space-separated scopes (default: openid profile email) |