diff --git a/content/en/docs/marketplace/platform-supported-content/modules/oidc.md b/content/en/docs/marketplace/platform-supported-content/modules/oidc.md index e96aa921e6f..1212a03064b 100644 --- a/content/en/docs/marketplace/platform-supported-content/modules/oidc.md +++ b/content/en/docs/marketplace/platform-supported-content/modules/oidc.md @@ -478,6 +478,10 @@ when you set **ClientAuthenticationMethod** as `private_key_jwt`, you do not nee Example: `OIDC.Default_SAM_TokenProcessing_CustomATP` +* **CustomATPTokenType**: an optional deploy-time constant — when **CustomATP** is enabled, optionally, **CustomATPTokenType** can be set to `ID-TOKEN`. Default is `ACCESS-TOKEN`. + + Example: `ID-TOKEN` + * **CustomCallbackURL** – the custom callback URL * **SelectedClaim** – selected claim values — multiple values can be separated by a space @@ -869,6 +873,10 @@ To parse access tokens, you need to do the following: This section is only relevant if you are a Mendix partner and you want to integrate your app with the Siemens SAM IdP. {{% /alert %}} +{{% alert color="info" %}} +From version 4.x.x of the OIDC SSO module, optionally, you can select `ID-TOKEN` as a **Custom ATP Token Type** for all custom access token parsing. Default is `ACCESS-TOKEN`. +{{% /alert %}} + To parse of SAM access tokens you need to do the following when performing [Runtime Configuration of Your IdP at Your App](#runtime-idp-app): 1. Select *OIDC.Default_SAM_TokenProcessing_CustomATP* as the **custom AccessToken processing microflow**. 
@@ -917,7 +925,7 @@ If you are using Microsoft Entra ID, ensure you have followed the instructions f You can find a sample microflow for parsing access tokens, `OIDC.ACT_Token_CustomATPRetrieveRoles` in the OIDC module. -Your custom microflow should use the access token to create a list of user roles. Your token will contain one of the following: +Your custom microflow should use the access token/id token to create a list of user roles. Your token will contain one of the following: * the UUIDs of the user roles in your app which map to the `System.UserRole/ModelGUID` attribute * the name of the user role in the app, which can be used to find the `System.UserRole` within the app itself using the `Name` attribute diff --git a/static/attachments/appstore/platform-supported-content/modules/oidc/enable-sam.png b/static/attachments/appstore/platform-supported-content/modules/oidc/enable-sam.png index ad43febdab5..1685cc19459 100644 Binary files a/static/attachments/appstore/platform-supported-content/modules/oidc/enable-sam.png and b/static/attachments/appstore/platform-supported-content/modules/oidc/enable-sam.png differ diff --git a/static/attachments/appstore/platform-supported-content/modules/oidc/oidc-provider-parsing.png b/static/attachments/appstore/platform-supported-content/modules/oidc/oidc-provider-parsing.png index add4934df4b..3d60f2e2e0a 100644 Binary files a/static/attachments/appstore/platform-supported-content/modules/oidc/oidc-provider-parsing.png and b/static/attachments/appstore/platform-supported-content/modules/oidc/oidc-provider-parsing.png differ
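Review bot: In the first `oidc.md` hunk (`@@ -478`), the new **CustomATPTokenType** bullet should state the full set of accepted values rather than only the non-default one; as written, "can be set to `ID-TOKEN`. Default is `ACCESS-TOKEN`." leaves a reader unsure whether any other value is accepted, whether the value is case-sensitive, and what happens if **CustomATP** is disabled but the constant is still set. Suggest rewording to something like "Accepted values are `ACCESS-TOKEN` (default) and `ID-TOKEN`; the constant is ignored when **CustomATP** is disabled" if that matches the module's behaviour, and state how the module validates an ID token (signature, audience) before its claims are handed to the custom ATP microflow, since the roles derived from it govern authorization in the app. Minor style point: the new bullet uses an em dash ("constant — when") while the surrounding bullets in this list use an en dash ("**CustomCallbackURL** – the custom"); keep the list consistent.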
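Review bot: In the second `oidc.md` hunk (`@@ -869`), the added alert says "From version 4.x.x of the OIDC SSO module"; `4.x.x` reads as a placeholder, so replace it with the concrete version in which the setting shipped, as the rest of this page does for version-gated features. The alert also calls the setting "**Custom ATP Token Type**" while the constant introduced earlier in this patch is named `CustomATPTokenType`; use the same identifier (ideally with an anchor link back to that constant's bullet) so readers can find the deploy-time constant from this section. Drive-by in the unchanged context line below the alert: "To parse of SAM access tokens" should read "To parse SAM access tokens".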
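Review bot: In the third `oidc.md` hunk (`@@ -917`), the changed sentence now reads "use the access token/id token to create a list of user roles", but the unchanged line just above it still says "sample microflow for parsing access tokens", and the two bullets that follow still speak only of "your token"; update the lead sentence too, and prefer the OpenID Connect spelling "ID token" and the wording "access token or ID token" over the slash form, which this page does not use elsewhere. It would also help to add one sentence here saying that the token passed to the custom microflow is whichever type **CustomATPTokenType** selects, so the role-mapping bullets below are understood to apply to either token.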