I am still new to OIDC, and I still can't understand the redirect_uri concept. Is redirect_uri where I am supposed to get the session information and store it in a cookie/localStorage? Can I use a simple JavaScript for this? If not, how can I get the user information after login is successful?
I am relying on browser authentication, since the application is an HTML frontend, and I am trying to redirect to an HTML page with a JavaScript which uses the authorization token to get the user info using the endpoint protocol/openid-connect/userinfo. Is this the correct approach? Since nothing is being stored in cookies or localStorage.
I have installed Keycloak and am using an Apache HTTPD reverse proxy (mod_auth_openidc) for my application.
The best next step is to review the OIDC standard specification [1]. You will find everything there.
Based on your question, here are a few hints below.
You are implementing a standard, therefore this is not a simple JavaScript file. You must use a certified OIDC SDK or middleware.
The proper approach is to implement the Authorization Code + PKCE flow.
In your case, since you are using mod_auth_openidc, you are delegating the handling and maintenance of the token lifecycle to the proxy. As a result, the application can obtain the required information from the authentication function, for example via headers, or you can expose a dedicated endpoint on the proxy.
Here is an example using another library, lua-resty-openidc [2].
local res, err = require("resty.openidc").authenticate(opts, nil, nil, session_opts)
-- res.user holds the claims returned by the userinfo endpoint
-- res.id_token holds the validated ID token claims
-- res.access_token holds the access token issued by the provider
Just follow the open standards as I said before. Either use an OIDC SDK library, or delegate authentication to the proxy using middleware such as lua-resty-openidc if you want to externalize token management and increase security.
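As an added illustration of the two points in the answer above (this is example code, not part of the original answer and not code from Keycloak, mod_auth_openidc or lua-resty-openidc), the following Python shows what a relying party does around the redirect_uri in an Authorization Code + PKCE flow: it builds the authorization request with state, nonce and an S256 code_challenge, then validates the callback that lands on redirect_uri before the code is exchanged at the token endpoint. The last function shows the header-based hand-off the answer describes: the proxy has already completed the flow and forwards claims to the application as request headers. The hostnames, client id and the `OIDC_CLAIM_` header prefix are constructed assumptions for the example (the prefix mirrors mod_auth_openidc's default claim prefix, but check your own `OIDCClaimPrefix` setting).

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed example values; replace with the values registered at your provider.
REDIRECT_URI = "https://app.example.com/oidc/callback"
AUTHORIZATION_ENDPOINT = (
    "https://keycloak.example.com/realms/demo/protocol/openid-connect/auth"
)


def b64url(data: bytes) -> str:
    """Base64url without padding, as used by PKCE and JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def pkce_challenge(verifier: str) -> str:
    """S256 code_challenge = BASE64URL(SHA256(code_verifier)) (RFC 7636)."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorization_request(client_id: str, scope: str = "openid profile email"):
    """Return the URL to send the browser to, plus the per-login secrets to remember."""
    verifier = b64url(secrets.token_bytes(32))  # 43-char code_verifier
    state = b64url(secrets.token_bytes(16))     # binds the callback to this login attempt
    nonce = b64url(secrets.token_bytes(16))     # echoed back inside the ID token
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,  # must match a registered redirect URI exactly
        "scope": scope,
        "state": state,
        "nonce": nonce,
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    }
    pending = {"state": state, "nonce": nonce, "code_verifier": verifier}
    return AUTHORIZATION_ENDPOINT + "?" + urlencode(params), pending


def handle_callback(pending: dict, callback_url: str) -> dict:
    """Validate the request that arrived on redirect_uri and prepare the token request."""
    parsed = urlparse(callback_url)
    base = f"{parsed.scheme}://{parsed.netloc}{parsed.path}"
    if base != REDIRECT_URI:
        raise ValueError("callback arrived at an unexpected URI")
    query = parse_qs(parsed.query)
    if "error" in query:
        raise ValueError(f"authorization error: {query['error'][0]}")
    if query.get("state", [None])[0] != pending["state"]:
        raise ValueError("state mismatch: stale login or forged callback")
    if "code" not in query:
        raise ValueError("no authorization code in callback")
    # These fields form the body of the POST to the token endpoint; the
    # code_verifier proves this client started the flow. No user data exists yet.
    return {
        "grant_type": "authorization_code",
        "code": query["code"][0],
        "redirect_uri": REDIRECT_URI,
        "code_verifier": pending["code_verifier"],
    }


def claims_from_proxy_headers(headers: dict, prefix: str = "OIDC_CLAIM_") -> dict:
    """Collect claims a proxy such as mod_auth_openidc forwards as request headers.

    Only trust these headers when the application is reachable solely through
    the proxy; otherwise a client could supply them directly.
    """
    claims = {}
    for name, value in headers.items():
        if name.upper().startswith(prefix.upper()):
            claims[name[len(prefix):].lower()] = value
    return claims


if __name__ == "__main__":
    url, pending = build_authorization_request("my-client")
    print("send browser to:", url)
    # Constructed callback, as the provider would redirect the browser back.
    callback = f"{REDIRECT_URI}?code=SplxlOBeZQQYbYS6WxSbIA&state={pending['state']}"
    print("token request body:", handle_callback(pending, callback))
    print("claims from proxy:", claims_from_proxy_headers(
        {"OIDC_CLAIM_sub": "1234", "OIDC_CLAIM_email": "alice@example.com", "Host": "app"}))
```

The point for the question above: redirect_uri is not where user data is stored; it is only the URL the provider sends the browser back to with a short-lived code. The user information comes afterwards, from the token endpoint and the userinfo endpoint, and when mod_auth_openidc fronts the application it performs that part itself and hands the result over in headers.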