OAuth

the oauth section is designed for it administrators or technical users who want to set up an external login system using oauth 2 0 this allows users to sign into ampeducator using existing accounts from platforms like google, microsoft, or any other oauth compatible provider when configured, ampeducator will use the user’s email address to identify their account during login you can find this section under institution config / general / oauth the callback urls that need to be added to your provider are shown directly in this section of ampeducator these are specific to your institution and must be entered exactly as shown ampeducator supports both 3 legged oauth and openid connect supported signing methods include hs256 and rs256 once your provider is added, you can use the gear icon next to it to test the connection and make sure everything works properly adding a new oauth provider to configure an external authentication provider, click the new oauth provider button this will open a modal where you can choose between two provider types open id connect or oauth 2 0 both options allow you to integrate secure login functionality using third party identity providers before filling out the form, make sure the callback urls displayed in the instructions of the oauth section have been added and validated with your provider these urls are specific to your institution and must be copied exactly as shown provider type options open id connect an identity layer built on top of oauth 2 0, typically used when the identity provider supports scopes like openid profile email oauth 2 0 the core authorization protocol used for token based access and authentication regardless of the provider type selected, it’s recommended to leave the status set to disabled until the integration has been tested and confirmed working shared fields name a name to identify this provider (e g , “google sign in”) description (optional) any notes or context about this configuration discovery document url if available, enter the url to auto populate the required endpoint fields auth endpoint the authorization endpoint from your provider token endpoint the token exchange url client id / secret key credentials provided by your oauth service scopes permissions requested from the provider for open id connect, this is usually openid profile email oauth 2 0 only if oauth 2 0 is selected, an additional field will appear user info endpoint the url used to retrieve user information once authentication is complete after filling in the required fields, click add to save your provider once added, you can test the configuration using the gear icon beside the provider name in the list if you have any questions or issues, please contact us at support\@ampeducator com