Add an OpenId Connect app to your company app catalog

1. Access your OneLogin Administration portal and select Apps.
2. Select Add App to add a new app.
3. Search for “OpenId Connect” or “oidc” then select the OpenId Connect (OIDC) app
4. Name the app and click Save.
5. On the Configuration tab, enter the Redirect URI that your app uses as the callback endpoint. This is where OneLogin sends the authentication response and ID token.Redirect URI- After the user authenticates we only allow redirects back to items on the comma-separated list of URLs (or new-line). HTTPS is required. Http://localhost is only permitted for development purposes, don’t use in production.Note: If you edit this field, the new value won’t appear for up to 10 minutes due to caching.
   Login URL - In this optional URL field, enter the URL your users access to sign in to the app. Optional URL is required if users want to launch the app from the OneLogin portal. OpenID Connect enables service-provider-initiated (SP-initiated) SSO, but not identity-provider-initiated (IdP-initiated) SSO. When you provide a Login URL, OneLogin mimics an IdP-initiated SSO experience: the user is directed to the app’s login page, where the SP-initiated authentication flow begins.
6. On the SSO tab, copy the Client ID & Client Secret values and use these in your OpenID-Connect-enabled app.Client ID- Public key, issued by OneLogin. It must be recorded by your app and passed with each request for an access token.Client Secret - Private key, used by the client to exchange an authorization code for a JWT token. Click Regenerate client secret to generate a client secret. For security purposes, don’t hard code this in apps.
   OpenID Provider Configuration Information - If your app supports self-discovery using provider metadata endpoints, this is where it locates details about OneLogin’s OpenID Connect implementation for this connector, including supported claims, grant types, and JSON Web Key (JWK) signing and encryption information.
   Token Endpoint - In the OpenId Connect Authorization flow, select POST or Basic, depending on the protocol your app employs to fetch an access token. For Dotnet or Node.js/Passport based apps, POST is most common.
   Token Timeout Settings - Only apply when using the Resource Owner Password Grant.