Secure OIDC Authentication Gateway with PKCE
This n8n workflow provides a robust and flexible OpenID Connect (OIDC) client, acting as an authentication gateway for your applications. It handles the full OIDC Authorization Code flow, including PKCE support, to securely authenticate users and retrieve their profile information, displaying a dynamic welcome or login page based on their session status.
About This Workflow
Empower your applications with seamless OIDC authentication using this comprehensive n8n workflow. Triggered by a webhook, it intelligently parses user cookies to check for existing sessions. If an access token is found, the workflow fetches user information from your OIDC provider and renders a personalized welcome page. For new or unauthenticated users, it dynamically generates a login page with embedded JavaScript that manages the OIDC Authorization Code flow, complete with PKCE (Proof Key for Code Exchange) for enhanced security. Upon successful authentication, it acquires an access token, sets a session cookie, and guides the user to their welcome experience, all without exposing sensitive credentials.
Key Features
- Full OIDC Authorization Code Flow: Implements the standard OIDC Authorization Code flow, including secure token exchange.
- PKCE Support: Enhances security by utilizing Proof Key for Code Exchange (PKCE) to mitigate authorization code interception attacks.
- Dynamic Welcome & Login Pages: Automatically renders personalized welcome pages for authenticated users and directs unauthenticated users to a secure login interface.
- Cookie-Based Session Management: Manages user sessions by parsing and setting access tokens in browser cookies.
- Configurable OIDC Endpoints: Easily set your Authorization, Token, and User Info endpoints, Client ID, and scope to integrate with any OIDC provider.
- Secure User Data Retrieval: Fetches and displays essential user information (e.g., email) from the OIDC provider's userinfo endpoint.
How To Use
- Configure Webhook: Activate the 'Webhook' node and note down its test URL. This URL will serve as your redirect_uri for your OIDC provider. You will also use this URL to access your OIDC client.
- OIDC Provider Setup: Register a new client application with your OIDC provider (e.g., Auth0, Okta, Keycloak). Ensure you configure the redirect_uri using the URL obtained in step 1.
- Set OIDC Variables: Locate the node responsible for setting OIDC parameters (e.g., 'Set variables : auth, token, userinfo, client id, scope' as referenced in the HTML nodes). Within this node, provide:
  - Your OIDC provider's auth_endpoint, token_endpoint, and userinfo_endpoint.
  - The client_id for your registered application.
  - The necessary scope (e.g., openid profile email).
  - Set PKCE to true or false based on your OIDC provider's configuration and security requirements.
- Activate and Test: Save and activate your workflow. Navigate to the Webhook URL in your browser to initiate the OIDC authentication flow. You should be redirected to your OIDC provider's login page, and upon successful authentication, presented with the personalized welcome page.
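The PKCE values that the login step has to produce when PKCE is set to true, shown as an added example that is not the workflow's own code. It runs under Node.js and uses Node's crypto module instead of the browser's Web Crypto API; the endpoint URLs and client ID are placeholders, the function names are hypothetical, and the config keys follow the variable names listed in the steps above.

```javascript
// Added example (not the workflow's own code). Runs under Node.js.
const nodeCrypto = require('crypto');

// Constructed sample configuration; key names follow the workflow's variables.
const cfg = {
  auth_endpoint: 'https://idp.example/authorize', // placeholder
  token_endpoint: 'https://idp.example/token',    // placeholder
  client_id: 'example-client-id',                 // placeholder
  scope: 'openid profile email',
  PKCE: true,
};

// Base64url without padding, as RFC 7636 requires.
const b64url = (buf) =>
  buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// 32 random bytes give a 43-character code_verifier.
function newCodeVerifier() {
  return b64url(nodeCrypto.randomBytes(32));
}

// S256 challenge: BASE64URL(SHA-256(ASCII(code_verifier))).
function codeChallengeS256(verifier) {
  return b64url(nodeCrypto.createHash('sha256').update(verifier, 'ascii').digest());
}

// Authorization request: only the challenge is sent, never the verifier.
function buildAuthorizationUrl(c, redirectUri, state, verifier) {
  const url = new URL(c.auth_endpoint);
  const q = url.searchParams;
  q.set('response_type', 'code');
  q.set('client_id', c.client_id);
  q.set('redirect_uri', redirectUri);
  q.set('scope', c.scope);
  q.set('state', state);
  if (c.PKCE) {
    q.set('code_challenge', codeChallengeS256(verifier));
    q.set('code_challenge_method', 'S256');
  }
  return url.toString();
}

// Token request body: the verifier proves this client started the flow.
function buildTokenRequestBody(c, redirectUri, code, verifier) {
  const body = new URLSearchParams({
    grant_type: 'authorization_code', code, redirect_uri: redirectUri, client_id: c.client_id,
  });
  if (c.PKCE) body.set('code_verifier', verifier);
  return body.toString();
}
```

The redirect_uri passed to both functions must be the same Webhook URL registered with the provider, and the verifier must be kept client-side between the two requests.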
Workflow JSON
{
"id": "18a8a740-7960-4c8b-9b84-39e8ec681571",
"name": "Secure OIDC Authentication Gateway with PKCE",
"nodes": 8,
"category": "DevOps",
"status": "active",
"version": "1.0.0"
}
Note: This is a sample preview. The full workflow JSON contains node configurations, credentials placeholders, and execution logic.
About the Author
N8N_Community_Pick
Curator
Hand-picked high quality workflows from the global community.