OpenID Configuration (OIDC)
AURA uses OpenID Connect for authorized access to the Steering backend.
For example, Dashboard and Battery need to be registered as clients in order to communicate with Steering.
Usually they are created during the initialization step of Aura Web. In some cases you may want to update them to fix a broken installation, or you might want to register a 3rd party service at Steering.
OIDC clients are configured in Django admin under the “OIDC Clients” section.
Create OpenID Connect clients
To create an OpenID Connect client for Dashboard, update AURA_DASHBOARD_OIDC_CLIENT_ID in your
.env and execute the following with the containers running:
docker compose exec steering steering create_oidc_client dashboard public --client-id "${DASHBOARD_OIDC_CLIENT_ID}" --client-secret "${DASHBOARD_OIDC_CLIENT_SECRET}" -r "code" -u "${DASHBOARD_CALLBACK_BASE_URL}/oidc_callback.html" -u "${DASHBOARD_CALLBACK_BASE_URL}/oidc_callback_silentRenew.html" -p "${DASHBOARD_CALLBACK_BASE_URL}" -p "${DASHBOARD_CALLBACK_BASE_URL}/"
To create an OpenID Connect client for Battery, set a value for AURA_BATTERY_OIDC_CLIENT_ID in
your .env and execute the following with the containers running:
docker compose exec steering /bin/sh -c 'steering create_oidc_client battery confidential --client-id "$BATTERY_OIDC_CLIENT_ID" --client-secret "$BATTERY_OIDC_CLIENT_SECRET" -r code -u "$BATTERY_CALLBACK_BASE_URL"'
These commands will fail if the client_id already exists in Steering. In that case you need
to delete the existing client first.
Edit OpenID Connect clients
For certain configuration changes, like when you change the hostname of your AURA installation, you may need to edit the OIDC clients in Steering, otherwise you will be unable to authenticate.
Navigate to “Steering > OpenID Connect Provider > Clients” and edit the clients by updating the Redirect URIs.
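A check for the hostname-change case above, as an added example that is not part of AURA or its documentation: it derives the URIs the Dashboard create_oidc_client command registers from the callback base URL and compares them with the values copied from the client form. It assumes -u registers redirect URIs and -p post-logout redirect URIs; the function names and hostnames are constructed for illustration.

```python
from urllib.parse import urlsplit

def expected_dashboard_uris(base_url):
    """URIs the Dashboard create_oidc_client command registers.

    Assumption: -u values are redirect URIs, -p values are post-logout URIs.
    """
    base = base_url.rstrip("/")
    return {
        "redirect": {f"{base}/oidc_callback.html",
                     f"{base}/oidc_callback_silentRenew.html"},
        "post_logout": {base, f"{base}/"},
    }

def audit_client(registered, base_url):
    """Compare registered URIs with the expected set for base_url.

    Returns sorted (kind, problem, uri) tuples. Comparison is exact string
    matching, which is how an OIDC provider checks redirect_uri, so a
    trailing slash or a different port counts as a different URI.
    """
    expected = expected_dashboard_uris(base_url)
    current_host = urlsplit(base_url).netloc.lower()
    findings = []
    for kind, want in expected.items():
        have = set(registered.get(kind, ()))
        for uri in want - have:
            findings.append((kind, "missing", uri))
        for uri in have - want:
            host = urlsplit(uri).netloc.lower()
            problem = "stale-host" if host != current_host else "unexpected"
            findings.append((kind, problem, uri))
    return sorted(findings)

# Constructed sample: the client was registered for old.example.org and only
# partly updated after the installation moved to aura.example.org.
REGISTERED = {
    "redirect": ["https://old.example.org/oidc_callback.html",
                 "https://aura.example.org/oidc_callback_silentRenew.html"],
    "post_logout": ["https://aura.example.org"],
}

if __name__ == "__main__":
    for kind, problem, uri in audit_client(REGISTERED, "https://aura.example.org"):
        print(f"{kind:12} {problem:11} {uri}")
```

Remove stale-host entries instead of leaving them next to the new ones: the provider keeps accepting a registered redirect URI even when the hostname in it is no longer under your control.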
If you need to replace an existing client_id, you can delete the client in Steering’s administration interface at “Steering > OpenID Connect Provider > Clients”.
If you cannot access Steering’s administration interface, you can delete the clients by running:
docker compose exec steering steering delete_oidc_clients
This will delete the existing OpenID Connect clients for Dashboard and Battery.
You can then re-create them as described above.