OIDCClient

An OIDCClient defines an OpenID Connect client used for user authentication to the Riptides UI and API. It works alongside IdentityProviders to enable OAuth2/OIDC login flows.

  • API Group: core.riptides.io
  • Version: v1alpha1
  • Kind: OIDCClient
  • Plural: oidcclients

redirectUrls

  • Type: array of string
  • Required: Yes

The allowed OAuth2 redirect URIs. After authentication, the identity provider redirects the user back to one of these URLs. Must match the URLs configured in your application or UI.

The spec must include exactly one of the following client type configurations.

native

  • Type: object (empty)

A built-in OIDC client configuration suitable for the Riptides UI and CLI. No additional fields are required — the control plane manages the client credentials automatically.

custom

  • Type: object

A custom OIDC client for advanced use cases or third-party integrations.

Field            Type             Required  Description
grantTypes       array of string  No        Allowed OAuth2 grant types
authMethod       string           No        Client authentication method
accessTokenType  string           No        Type of access token to issue
applicationType  string           No        Application type classification

Grant type options: GRANT_TYPE_AUTHORIZATION_CODE, GRANT_TYPE_REFRESH_TOKEN, GRANT_TYPE_CLIENT_CREDENTIALS, GRANT_TYPE_JWT_BEARER, GRANT_TYPE_TOKEN_EXCHANGE, GRANT_TYPE_IMPLICIT, GRANT_TYPE_DEVICE_CODE

Auth method options: AUTH_METHOD_CLIENT_SECRET_BASIC, AUTH_METHOD_CLIENT_SECRET_POST, AUTH_METHOD_NONE, AUTH_METHOD_PRIVATE_KEY_JWT

Access token type options: ACCESS_TOKEN_TYPE_BEARER, ACCESS_TOKEN_TYPE_JWT

Application type options: APPLICATION_TYPE_WEB, APPLICATION_TYPE_USER_AGENT, APPLICATION_TYPE_NATIVE

apiVersion: core.riptides.io/v1alpha1
kind: OIDCClient
metadata:
  name: riptides-ui
  namespace: riptides-system
spec:
  native: {}
  redirectUrls:
    - https://app.example.com/callback
    - https://app.example.com/ui/callback
---
apiVersion: core.riptides.io/v1alpha1
kind: OIDCClient
metadata:
  name: custom-integration
  namespace: riptides-system
spec:
  custom:
    grantTypes:
      - GRANT_TYPE_AUTHORIZATION_CODE
      - GRANT_TYPE_REFRESH_TOKEN
    authMethod: AUTH_METHOD_CLIENT_SECRET_BASIC
    accessTokenType: ACCESS_TOKEN_TYPE_JWT
    applicationType: APPLICATION_TYPE_WEB
  redirectUrls:
    - https://integration.example.com/oauth/callback

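
An added example, not Riptides code: a pre-apply linter for parsed OIDCClient manifests that enforces the exactly-one-client-type rule and the enum values listed above. The redirect URL and grant checks (https only except loopback, no wildcards, implicit grant flagged) are this example's own policy assumptions, and the function name and sample manifests are constructed for illustration.

```python
from urllib.parse import urlsplit

# Enum values copied from the option lists on this page.
GRANT_TYPES = {"GRANT_TYPE_AUTHORIZATION_CODE", "GRANT_TYPE_REFRESH_TOKEN",
               "GRANT_TYPE_CLIENT_CREDENTIALS", "GRANT_TYPE_JWT_BEARER",
               "GRANT_TYPE_TOKEN_EXCHANGE", "GRANT_TYPE_IMPLICIT",
               "GRANT_TYPE_DEVICE_CODE"}
AUTH_METHODS = {"AUTH_METHOD_CLIENT_SECRET_BASIC", "AUTH_METHOD_CLIENT_SECRET_POST",
                "AUTH_METHOD_NONE", "AUTH_METHOD_PRIVATE_KEY_JWT"}

def lint_oidc_client(manifest):
    """Hypothetical helper: return findings for one parsed OIDCClient manifest."""
    findings, spec = [], manifest.get("spec") or {}
    # From the page: exactly one client type configuration must be present.
    types = [t for t in ("native", "custom") if t in spec]
    if len(types) != 1:
        findings.append(f"spec must set exactly one of native/custom, found {types}")
    # redirectUrls is required (page). Assumed policy: https, http only on loopback, no wildcards.
    urls = spec.get("redirectUrls") or []
    if not urls:
        findings.append("redirectUrls is required and must not be empty")
    for url in urls:
        parts = urlsplit(url)
        loopback = parts.hostname in ("localhost", "127.0.0.1", "::1")
        if parts.scheme != "https" and not (parts.scheme == "http" and loopback):
            findings.append(f"{url}: not https")
        if "*" in url:
            findings.append(f"{url}: wildcard in redirect URL")
    custom = spec.get("custom") or {}
    grants, method = custom.get("grantTypes") or [], custom.get("authMethod")
    findings += [f"unknown grant type {g}" for g in grants if g not in GRANT_TYPES]
    if method is not None and method not in AUTH_METHODS:
        findings.append(f"unknown auth method {method}")
    # Assumed policy: flag grant/auth combinations that weaken the client.
    if "GRANT_TYPE_IMPLICIT" in grants:
        findings.append("implicit grant puts tokens in the redirect URL")
    if method == "AUTH_METHOD_NONE" and "GRANT_TYPE_CLIENT_CREDENTIALS" in grants:
        findings.append("client credentials grant without client authentication")
    return findings

# Constructed sample manifests, as they would look after YAML parsing.
GOOD = {"spec": {"custom": {"grantTypes": ["GRANT_TYPE_AUTHORIZATION_CODE"],
                            "authMethod": "AUTH_METHOD_CLIENT_SECRET_BASIC"},
                 "redirectUrls": ["https://integration.example.com/oauth/callback"]}}
BAD = {"spec": {"native": {}, "custom": {"grantTypes": ["GRANT_TYPE_IMPLICIT"]},
                "redirectUrls": ["http://app.example.com/callback", "https://*.example.com/cb"]}}

if __name__ == "__main__":
    print("\n".join(lint_oidc_client(BAD)))
```
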
  • IdentityProvider — configures the external identity source used with OIDC clients