Numerous web-based applications like AUTH0, NextCloud and WordPress are compatible with a variety of OpenID Connect Identity Providers. However, the situation is different for less common or proprietary applications. To illustrate this, we've developed a simple JavaScript OIDC Client Library. This allows OpenID Connect Connectivity to be integrated with just a single include directive pointing to our library: aloaha_oidc.js.
You can find the full demo at: https://auth.codeb.io/oidcclient.html.
To utilize this, you can choose from any public OIDC Providers such as Google, Outlook, Facebook, LinkedIn, etc. However, we're particularly interested in demonstrating how our CodeB Authenticator can transform your phone into an OIDC Identity Provider.
To turn your phone into an OIDC Identity Provider, you'll need to install the CodeB Authenticator by scanning the QR Code below or clicking on it.
After installation, you'll need to set up your phone number, email address, display name, and security PIN. This security PIN not only adds an extra layer of encryption to the traffic between your phone and our Mobile Identity Broker, but also safeguards you against various phishing attacks.
Once you've set up the CodeB Authenticator, return to https://auth.codeb.io/oidcclient.html and use any values as Client ID/Secret, use https://auth.codeb.io as the URL, and /.well-known/openid-configuration as the Discovery Path. The scope should be set to "openid serversig". This scope instructs the identity broker to verify the mobile signature and, if valid, replace it with the server's signature.
For easier configuration, you can use this autoconfigure link:
Finally, click on the "Logon" button. You'll be redirected to the CodeB Identity Broker, which serves as a proxy between your mobile and the application. Enter your mobile number and the previously configured security PIN, then click "Log In". You'll receive a popup on your mobile asking for logon permission. If you confirm, the mobile will create the OIDC Authentication Token and send them back to the Identity Broker, signed and encrypted. You have been logged on without using any password!
As a demonstration, you'll see the OIDC claims included in the token.