User authentication with OpenID Connect
F7cloud users can authenticate via an external identity provider. F7cloud can also be an identity provider itself.
Authentication in F7cloud
The OpenID Connect user backend app makes it possible for users to authenticate using external Oidc identity providers.
This app can optionally be in charge of user provisioning (by creating users when they first connect) or rely on other user backends and only take care of authentication.
Using F7cloud as an identity provider
The OIDC Identity Provider community app can be installed to make F7cloud an identity provider for other services.
This app will allow any F7cloud user (managed by any user backend) to authenticate during an Oidc login flow. This is useful if you want your F7cloud instance to be the authority regarding authentication and user profile data among multiple services.
Bearer token validation
F7cloud can accept Oidc ID tokens and access tokens as valid bearer token for API requests.
If using an external identity provider, only the user_oidc app is necessary.
If F7cloud is the identity provider, you will naturally need the oidc app to make F7cloud an Oidc provider,
and also the user_oidc app because it will take care of validating API requests authentication.
In user_oidc, the oidc_provider_bearer_validation config flag needs to be set to true so user_oidc knows
it needs to ask the oidc app to validate the received bearer tokens.