### OpenID Configuration (OIDC)

AURA uses OpenID Connect for authorized access to the _Steering_ backend.

For example _Dashboard_ and _Battery_ need to be registered as clients, in order to communicate with
_Steering_.

Usually they are created during the initialization step of _Aura Web_. In some case you may want to
update them, to fix an broken installation. Or you might want to register any 3rd party service at
_Steering_.

OIDC clients are configured in Django admin under the "OIDC Clients" section.

<img src="../_static/screenshots/admin/admin-oidc-client-list.png" />

#### Create OpenID Connect clients

To create an OpenID Connect client for Dashboard, update `AURA_DASHBOARD_OIDC_CLIENT_ID` in your
`.env` and execute the following with the containers running:

```properties
docker compose exec steering steering create_oidc_client dashboard public --client-id "${DASHBOARD_OIDC_CLIENT_ID}" --client-secret "${DASHBOARD_OIDC_CLIENT_SECRET}" -r "code" -u "${DASHBOARD_CALLBACK_BASE_URL}/oidc_callback.html" -u "${DASHBOARD_CALLBACK_BASE_URL}/oidc_callback_silentRenew.html" -p "${DASHBOARD_CALLBACK_BASE_URL}" -p "${DASHBOARD_CALLBACK_BASE_URL}/"
```

To create an OpenID Connect client for Battery, set a value for `AURA_BATTERY_OIDC_CLIENT_ID` in
your `.env` and execute the following with the containers running:

```properties
docker compose exec steering /bin/sh -c 'steering create_oidc_client battery confidential --client-id "$BATTERY_OIDC_CLIENT_ID" --client-secret "$BATTERY_OIDC_CLIENT_SECRET" -r code -u "$BATTERY_CALLBACK_BASE_URL"'
```

These commands will fail if the `client_id` is already existing in Steering. In that case you need
to delete the existing client first.

#### Edit OpenID Connect clients

For certain configuration changes, like when you change the hostname of your AURA installation, you may need to edit the OIDC clients in Steering, otherwise you will be unable to authenticate.

Navigate to "_Steering &gt; OpenID&nbsp;Connect&nbsp;Provider &gt; Clients_" and edit the clients by updating the **Redirect URIs**.

In case you need to replace an existing `client_id`, you can delete them in Steering's administration interface at "_Steering &gt; OpenID&nbsp;Connect&nbsp;Provider &gt; Clients_".

If you cannot access Steering’s administration interface, you can delete the clients by running:

```properties
docker compose exec steering steering delete_oidc_clients
```

This will delete the existing OpenID Connect clients for Dashboard and Battery.

You can then re-create as described [above](#create-openid-connect-clients).