| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Community Apps Dependencies | Show |
| Lines of code | 10497 |
| Technical Name |
muk_oidc |
| License | See License tab |
| Website | http://www.mukit.at |
| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Community Apps Dependencies | Show |
| Lines of code | 10497 |
| Technical Name |
muk_oidc |
| License | See License tab |
| Website | http://www.mukit.at |
MuK OpenID Connect Provider
OpenID Connect Identity Provider for Odoo
MuK IT GmbH - www.mukit.at
Overview
This module extends the MuK REST API to turn your Odoo instance into a fully compliant OpenID Connect (OIDC) Identity Provider. It adds automatic discovery, JSON Web Key Set (JWKS) publishing, signed ID token issuance, a UserInfo endpoint, and the standard OIDC scopes on top of the existing OAuth 2.0 authorization server. External applications can authenticate users against Odoo using industry-standard protocols.
Discovery & JWKS
The module publishes the standard /.well-known/openid-configuration
and /.well-known/jwks.json endpoints. Any OIDC-compliant client
can automatically discover your Odoo server's authorization, token, and
UserInfo endpoints along with the supported scopes, response types, and
signing algorithms â no manual URL configuration required.
Signing Keys
RSA signing keys are managed directly from the Odoo backend. Keys are automatically generated on first use and can be rotated with a single click. The JWKS endpoint always reflects the currently active keys, ensuring seamless key lifecycle management without any downtime.
ID Tokens & Scopes
The module issues signed JWT ID tokens that include user claims based on the requested OIDC scopes. Standard scopes â openid, profile, email, address, and phone â are supported out of the box. Each OAuth 2.0 client can be individually configured to restrict which OIDC scopes it is allowed to request, giving administrators full control over the data shared with third-party applications.
Settings
The OIDC provider is configured through the existing REST API settings panel. Administrators can adjust the ID token lifetime and manage signing keys from a single, centralized location. The module integrates seamlessly with the MuK REST API â no separate configuration is needed.
Help and Support
Feel free to contact us, if you need any help with your Odoo
integration or additional features.
You will get 30 days of
support in case of any issues (except data recovery, migration or
training).
Our Services
Odoo
Development
Odoo
Integration
Odoo
Infrastructure
Odoo
Training
Odoo
Support
MuK OpenID Connect Provider
Extends the MuK REST API to turn Odoo into a fully compliant OpenID Connect (OIDC) Identity Provider. Adds discovery, JWKS, id_token issuance, and standard OIDC scopes on top of the existing OAuth2 authorization server.
Installation
To install this module, you need to:
Download the module and add it to your Odoo addons folder. Afterward, log on to your Odoo server and go to the Apps menu. Trigger the debug mode and update the list by clicking on the "Update Apps List" link. Now install the module by clicking on the install button.
Upgrade
To upgrade this module, you need to:
Download the module and add it to your Odoo addons folder. Restart the server and log on to your Odoo server. Select the Apps menu and upgrade the module by clicking on the upgrade button.
Configuration
After installing the module, navigate to Settings > Technical > REST API to configure the OIDC Identity Provider:
- ID Token Lifetime -- Controls how long an issued ID token remains valid (default: 3600 seconds / 1 hour).
- Signing Keys -- RSA signing keys are auto-generated on first use. Use the Rotate Key button to archive the current key and generate a new one.
- OAuth 2.0 Clients -- Each REST API OAuth 2.0 client can be individually configured with the OIDC scopes it is allowed to request (openid, profile, email, address, phone).
Usage
Once installed, the following standard OIDC endpoints become available:
- /.well-known/openid-configuration -- Discovery document
- /.well-known/jwks.json -- JSON Web Key Set
- /api/v2/authentication/oauth2/authorize -- Authorization endpoint
- /api/v2/authentication/oauth2/token -- Token endpoint
- /api/v2/userinfo -- UserInfo endpoint
External applications can register as OAuth 2.0 clients via the REST API settings and use the standard Authorization Code flow with PKCE (S256) to authenticate users against Odoo.
The module supports the following OIDC scopes:
- openid -- Required scope for OIDC authentication
- profile -- User name, username, locale, timezone
- email -- Email address and verification status
- address -- Postal address
- phone -- Phone number
Credits
Contributors
- Mathias Markl <mathias.markl@mukit.at>
Author & Maintainer
This module is maintained by the MuK IT GmbH.
MuK IT is an Austrian company specialized in customizing and extending Odoo. We develop custom solutions for your individual needs to help you focus on your strength and expertise to grow your business.
If you want to get in touch please contact us via mail (sale@mukit.at) or visit our website (https://mukit.at).
MuK Proprietary License v1.0 This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from MuK IT GmbH. The above permissions are granted for a single database per purchased license. Furthermore, with a valid license it is permitted to use the software on other databases as long as the usage is limited to a testing or development environment. You may develop modules based on the Software or that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the MuK Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one). It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software. The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Please log in to comment on this module