diff --git a/content/en/docs/marketplace/platform-supported-content/modules/oidc.md b/content/en/docs/marketplace/platform-supported-content/modules/oidc.md index 763040dd060..d5d54df9049 100644 --- a/content/en/docs/marketplace/platform-supported-content/modules/oidc.md +++ b/content/en/docs/marketplace/platform-supported-content/modules/oidc.md @@ -205,6 +205,7 @@ This section provides an overview of updates for the OIDC SSO module across diff | Mendix Version | OIDC SSO Module Version | Important Migration Changes | Additional Information | | --- | --- | --- | --- | +| 10.24.0 and above | 4.4.0 | - | **Issued Tokens** tab has been removed from the OIDC Client Configuration page. | | 10.24.0 and above | 4.3.0 | - | Supporting multi-domain and sub-path | | 10.24.0 and above | 4.2.1 | In version 4.2.1, automatic migration of the UserCommons has been removed. | Since migration steps were removed in 4.2.1, you must upgrade to OIDC SSO version 4.2.0 first to prevent data loss. This applies to the UserCommons, if you are migrating from any version below 3.0.0, always upgrade to 4.2.0 first, then move to the latest v4.2.1. | | 10.21.01 and above | 4.2.0 | In version 4.2.0, the module no longer automatically executes the UserCommons migration in the startup microflow. The migration step has been moved to a dedicated microflow, which you can trigger via a widget. | The `ASU_STARTUP` microflow has been moved under the **USE_ME** folder. | 
@@ -259,6 +260,8 @@ In addition, administrators will need to have access to configure OIDC and also If you are testing phone web and phone web offline locally, use the URLs `http://localhost:8080/?profile=Phone` and `http://localhost:8080/?profile=PhoneOffline`, respectively. For more information, see the [Example of profile selection](/refguide/mobile/introduction-to-mobile-technologies/progressive-web-app/#example-of-profile-selection) section of *Progressive Web App*. +Admins can view their own token using a snippet in their custom page. They can find this snippet under **OIDC > USE_ME > Snippet_Token_View**. The snippet displays the admin's decrypted and decoded Access token and ID token. + ### Setting Encryption Key Follow the instructions to [set an encryption key in the Encryption module](/appstore/modules/encryption/#configuration). The constant to set is called `Encryption.EncryptionKey` and should be a random value 32 characters long. This key will be used to encrypt and decrypt values. @@ -1133,6 +1136,8 @@ Content - {"error":"invalid_client","error_description":"client authentication f [Section 5.2 of RFC 6749](https://datatracker.ietf.org/doc/html/rfc6749#section-5.2) indicates and clarifies all the possible error codes that may be returned. +If you want to review tokens during troubleshooting, you can include the `Snippet_Token_View` snippet in a custom admin page; this allows you to see the json content. + ### Custom Microflow Implementation Should Be Required to Process Access_Token Roles If you get the error message “Custom microflow implementation should be required to process Access_token roles” in the Mendix Studio Pro console logs, this indicates you have not completely implemented your custom microflow for parsing access tokens (`CustomATP_…`). See the section on [Dynamic Assignment of Userroles (Access Token Parsing)](#access-token-parsing). 
diff --git a/static/attachments/appstore/platform-supported-content/modules/oidc/default-user-provisioning.png b/static/attachments/appstore/platform-supported-content/modules/oidc/default-user-provisioning.png index fcc8262a9db..573751aa3e5 100644 Binary files a/static/attachments/appstore/platform-supported-content/modules/oidc/default-user-provisioning.png and b/static/attachments/appstore/platform-supported-content/modules/oidc/default-user-provisioning.png differ
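Review bot: The new 4.4.0 row in the version table (hunk at @@ -205) records the removal of the **Issued Tokens** tab with "-" under Important Migration Changes and gives no pointer to what replaces it. Admins who relied on that tab need to know where token inspection went, so consider naming `Snippet_Token_View` in this row, or linking to the paragraph added in the @@ -259 hunk, and consider whether the removal belongs in the migration column rather than only under Additional Information.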
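Review bot: The paragraph added before "Setting Encryption Key" (hunk at @@ -259) says the snippet displays the "decrypted and decoded Access token and ID token" but does not say how the custom page that hosts it should be protected. A decrypted access token is a usable credential, so the text should tell readers to restrict page access to the administrator role and to treat the displayed values as secrets (no screenshots or copies in tickets). It would also help to state that this applies from module version 4.4.0, to write "access token" consistently in lower case, and to move the paragraph away from the phone web testing note, which it currently follows without any connection.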
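Review bot: The troubleshooting sentence added after the RFC 6749 reference (hunk at @@ -1133) repeats the snippet instruction without the location or a link, and writes "json" in lower case. Suggest "JSON", plus a cross-reference to the earlier paragraph that gives the path **OIDC > USE_ME > Snippet_Token_View**. That earlier paragraph says admins see their own token, so this sentence should also make clear that the snippet does not show tokens of the user whose login is being troubleshot; as written, "review tokens during troubleshooting" reads as if it did.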