Authentication OpenID Connect

auth_oidc
REPOSITORY
REPOSITORYOCA/server-auth
GIT
GIThttps://github.com/OCA/server-auth.git
GIT FOLDER
GIT FOLDERhttps://github.com/OCA/server-auth/tree/19.0/auth_oidc
VERSION
VERSION 1.0.0
CATEGORY
CATEGORYUncategorized
LICENSE
LICENSEAGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLENo
AUTHORS
AUTHORSOdoo Community Association (OCA), ACSONE SA/NV, ICTSTUDIO, André Schenkels
MAINTAINERS
MAINTAINERSOdoo Community Association (OCA), ACSONE SA/NV, ICTSTUDIO, André Schenkels
COMMITTERS
COMMITTERSAndreas Perhab, Weblate, OCA-git-bot, oca-ci
WEBSITE
WEBSITEhttps://github.com/OCA/server-auth
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 19:40:47
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - auth_oauth
    - base
    - web
    - base_setup
    - auth_signup
    - mail
    - bus
    - web_tour
    - html_editor
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES python-jose
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES Not have
DESCRIPTION
DESCRIPTION
This module allows users to login through an OpenID Connect provider
using the authorization code flow or implicit flow.

Note the implicit flow is not recommended because it exposes access
tokens to the browser and in http logs.

Code Analysis

Views touched (1)
XML IDNameModelTypeStatus
view_oidc_provider_form auth.oidc.provider.form auth.oauth.provider field Inherits auth_oauth.view_oauth_provider_form
Models touched (2)

New fields (7)
  • client_secret Char
    help='Used in OpenID Connect authorization code flow for confidential clients.'
  • code_verifier Char
    default=<expr> help='Used for PKCE.'
  • flow Selection
    default='access_token' required=True string='Auth Flow' args: [('access_token', 'OAuth2'), ('id_token_code', 'OpenID Connect (authorization code flow)'), ('id_token', 'OpenID Connect (implicit flow, not recommended)')]
  • jwks_uri Char
    help='Required for OpenID Connect.' string='JWKS URL'
  • token_endpoint Char
    help='Required for OpenID Connect authorization code flow.' string='Token URL'
  • token_map Char
    help="Some Oauth providers don't map keys in their responses exactly as required. It is important to ensure user_id and email at least are mapped. For OpenID Connect user_id is the sub key in the standard."
  • validation_endpoint Char
    required=False
Public methods (0)

No public methods.

New fields (0)

No new fields.

Public methods (1)
  • auth_oauth(self, provider, params)
    @api.model
REPOSITORY
REPOSITORYOCA/server-auth
GIT
GIThttps://github.com/OCA/server-auth.git
GIT FOLDER
GIT FOLDERhttps://github.com/OCA/server-auth/tree/18.0/auth_oidc
VERSION
VERSION 1.1.0
CATEGORY
CATEGORYUncategorized
LICENSE
LICENSEAGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLENo
AUTHORS
AUTHORSOdoo Community Association (OCA), ACSONE SA/NV, ICTSTUDIO, André Schenkels
MAINTAINERS
MAINTAINERSOdoo Community Association (OCA), ACSONE SA/NV, ICTSTUDIO, André Schenkels
COMMITTERS
COMMITTERSStéphane Bidoul, Andreas Perhab, Weblate, OCA-git-bot, oca-ci, LauraCForgeFlow, Filippo
WEBSITE
WEBSITEhttps://github.com/OCA/server-auth
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 19:30:10
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - auth_oauth
    - base
    - web
    - base_setup
    - auth_signup
    - mail
    - bus
    - web_tour
    - html_editor
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES python-jose
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES Not have
DESCRIPTION
DESCRIPTION
This module allows users to login through an OpenID Connect provider
using the authorization code flow or implicit flow.

Note the implicit flow is not recommended because it exposes access
tokens to the browser and in http logs.

Code Analysis

Views touched (1)
XML IDNameModelTypeStatus
view_oidc_provider_form auth.oidc.provider.form auth.oauth.provider field Inherits auth_oauth.view_oauth_provider_form
Models touched (2)

New fields (8)
  • client_secret Char
    help='Used in OpenID Connect authorization code flow for confidential clients.'
  • code_verifier Char
    default=<expr> help='Used for PKCE.'
  • end_session_endpoint Char
    string='End Session URL'
  • flow Selection
    default='access_token' required=True string='Auth Flow' args: [('access_token', 'OAuth2'), ('id_token_code', 'OpenID Connect (authorization code flow)'), ('id_token', 'OpenID Connect (implicit flow, not recommended)')]
  • jwks_uri Char
    help='Required for OpenID Connect.' string='JWKS URL'
  • token_endpoint Char
    help='Required for OpenID Connect authorization code flow.' string='Token URL'
  • token_map Char
    help="Some Oauth providers don't map keys in their responses exactly as required. It is important to ensure user_id and email at least are mapped. For OpenID Connect user_id is the sub key in the standard."
  • validation_endpoint Char
    required=False
Public methods (0)

No public methods.

New fields (0)

No new fields.

Public methods (1)
  • auth_oauth(self, provider, params)
    @api.model
REPOSITORY
REPOSITORYOCA/server-auth
GIT
GIThttps://github.com/OCA/server-auth.git
GIT FOLDER
GIT FOLDERhttps://github.com/OCA/server-auth/tree/17.0/auth_oidc
VERSION
VERSION 1.2.0
CATEGORY
CATEGORYUncategorized
LICENSE
LICENSEAGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLENo
AUTHORS
AUTHORSOdoo Community Association (OCA), ACSONE SA/NV, ICTSTUDIO, André Schenkels
MAINTAINERS
MAINTAINERSOdoo Community Association (OCA), ACSONE SA/NV, ICTSTUDIO, André Schenkels
COMMITTERS
COMMITTERSStéphane Bidoul, Andreas Perhab, Weblate, OCA-git-bot, oca-ci, Christopher Rogos
WEBSITE
WEBSITEhttps://github.com/OCA/server-auth
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 19:20:04
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - auth_oauth
    - base
    - web
    - base_setup
    - auth_signup
    - mail
    - bus
    - web_tour
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES python-jose
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES Not have
DESCRIPTION
DESCRIPTION
This module allows users to login through an OpenID Connect provider
using the authorization code flow or implicit flow.

Note the implicit flow is not recommended because it exposes access
tokens to the browser and in http logs.

Code Analysis

Views touched (1)
XML IDNameModelTypeStatus
view_oidc_provider_form auth.oidc.provider.form auth.oauth.provider field Inherits auth_oauth.view_oauth_provider_form
Models touched (2)

New fields (9)
  • auth_link_params Char
    help="Additional parameters for the auth link. For example: {'prompt':'select_account'}"
  • client_secret Char
    help='Used in OpenID Connect authorization code flow for confidential clients.'
  • code_verifier Char
    default=<expr> help='Used for PKCE.'
  • end_session_endpoint Char
    string='End Session URL'
  • flow Selection
    default='access_token' required=True string='Auth Flow' args: [('access_token', 'OAuth2'), ('id_token_code', 'OpenID Connect (authorization code flow)'), ('id_token', 'OpenID Connect (implicit flow, not recommended)')]
  • jwks_uri Char
    help='Required for OpenID Connect.' string='JWKS URL'
  • token_endpoint Char
    help='Required for OpenID Connect authorization code flow.' string='Token URL'
  • token_map Char
    help="Some Oauth providers don't map keys in their responses exactly as required. It is important to ensure user_id and email at least are mapped. For OpenID Connect user_id is the sub key in the standard."
  • validation_endpoint Char
    required=False
Public methods (0)

No public methods.

New fields (0)

No new fields.

Public methods (1)
  • auth_oauth(self, provider, params)
    @api.model
REPOSITORY
REPOSITORYOCA/server-auth
GIT
GIThttps://github.com/OCA/server-auth.git
GIT FOLDER
GIT FOLDERhttps://github.com/OCA/server-auth/tree/16.0/auth_oidc
VERSION
VERSION 1.4.0
CATEGORY
CATEGORYUncategorized
LICENSE
LICENSEAGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLENo
AUTHORS
AUTHORSOdoo Community Association (OCA), ACSONE SA/NV, ICTSTUDIO, André Schenkels
MAINTAINERS
MAINTAINERSOdoo Community Association (OCA), ACSONE SA/NV, ICTSTUDIO, André Schenkels
COMMITTERS
COMMITTERSStéphane Bidoul, GitHub, Andreas Perhab, Weblate, OCA-git-bot, oca-ci, Daniel Palomar, Christopher Rogos, DonsWayo, Juan Jose Carracedo, djaen
WEBSITE
WEBSITEhttps://github.com/OCA/server-auth
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 19:11:56
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - auth_oauth
    - base
    - web
    - base_setup
    - auth_signup
    - mail
    - bus
    - web_tour
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES python-jose
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES Not have
DESCRIPTION
DESCRIPTION
This module allows users to login through an OpenID Connect provider
using the authorization code flow or implicit flow.

Note the implicit flow is not recommended because it exposes access
tokens to the browser and in http logs.

Code Analysis

Views touched (1)
XML IDNameModelTypeStatus
view_oidc_provider_form auth.oidc.provider.form auth.oauth.provider field Inherits auth_oauth.view_oauth_provider_form
Models touched (2)

New fields (9)
  • auth_link_params Char
    help="Additional parameters for the auth link. For example: {'prompt':'select_account'}"
  • client_secret Char
    help='Used in OpenID Connect authorization code flow for confidential clients.'
  • code_verifier Char
    default=<expr> help='Used for PKCE.'
  • end_session_endpoint Char
    string='End Session URL'
  • flow Selection
    default='access_token' required=True string='Auth Flow' args: [('access_token', 'OAuth2'), ('id_token_code', 'OpenID Connect (authorization code flow)'), ('id_token', 'OpenID Connect (implicit flow, not recommended)')]
  • jwks_uri Char
    help='Required for OpenID Connect.' string='JWKS URL'
  • token_endpoint Char
    help='Required for OpenID Connect authorization code flow.' string='Token URL'
  • token_map Char
    help="Some Oauth providers don't map keys in their responses exactly as required. It is important to ensure user_id and email at least are mapped. For OpenID Connect user_id is the sub key in the standard."
  • validation_endpoint Char
    required=False
Public methods (0)

No public methods.

New fields (0)

No new fields.

Public methods (1)
  • auth_oauth(self, provider, params)
    @api.model
REPOSITORY
REPOSITORYOCA/server-auth
GIT
GIThttps://github.com/OCA/server-auth.git
GIT FOLDER
GIT FOLDERhttps://github.com/OCA/server-auth/tree/15.0/auth_oidc
VERSION
VERSION 1.1.0
CATEGORY
CATEGORYUncategorized
LICENSE
LICENSEAGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLENo
AUTHORS
AUTHORSOdoo Community Association (OCA), ACSONE SA/NV, ICTSTUDIO, André Schenkels
MAINTAINERS
MAINTAINERSOdoo Community Association (OCA), ACSONE SA/NV, ICTSTUDIO, André Schenkels
COMMITTERS
COMMITTERSAlexandre Fayolle, Andreas Perhab, Weblate, OCA-git-bot, oca-ci, Karl Southern, Vincent Hatakeyama
WEBSITE
WEBSITEhttps://github.com/OCA/server-auth
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 00:46:32
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - auth_oauth
    - base
    - web
    - base_setup
    - auth_signup
    - mail
    - bus
    - web_tour
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES python-jose
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES Not have
DESCRIPTION
DESCRIPTION

Code Analysis

Views touched (1)
XML IDNameModelTypeStatus
view_oidc_provider_form auth.oidc.provider.form auth.oauth.provider field Inherits auth_oauth.view_oauth_provider_form
Models touched (2)

New fields (7)
  • client_secret Char
    help='Used in OpenID Connect authorization code flow for confidential clients.'
  • code_verifier Char
    default=<expr> help='Used for PKCE.'
  • flow Selection
    default='access_token' required=True string='Auth Flow' args: [('access_token', 'OAuth2'), ('id_token_code', 'OpenID Connect (authorization code flow)'), ('id_token', 'OpenID Connect (implicit flow, not recommended)')]
  • jwks_uri Char
    help='Required for OpenID Connect.' string='JWKS URL'
  • token_endpoint Char
    help='Required for OpenID Connect authorization code flow.' string='Token URL'
  • token_map Char
    help="Some Oauth providers don't map keys in their responses exactly as required. It is important to ensure user_id and email at least are mapped. For OpenID Connect user_id is the sub key in the standard."
  • validation_endpoint Char
    required=False
Public methods (0)

No public methods.

New fields (0)

No new fields.

Public methods (1)
  • auth_oauth(self, provider, params)
    @api.model
REPOSITORY
REPOSITORYOCA/server-auth
GIT
GIThttps://github.com/OCA/server-auth.git
GIT FOLDER
GIT FOLDERhttps://github.com/OCA/server-auth/tree/14.0/auth_oidc
VERSION
VERSION 1.2.0
CATEGORY
CATEGORYUncategorized
LICENSE
LICENSEAGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLENo
AUTHORS
AUTHORSOdoo Community Association (OCA), ACSONE SA/NV, ICTSTUDIO, André Schenkels
MAINTAINERS
MAINTAINERSOdoo Community Association (OCA), ACSONE SA/NV, ICTSTUDIO, André Schenkels
COMMITTERS
COMMITTERSAndreas Perhab, oca-travis, Weblate, OCA-git-bot, Chafique, oca-ci, Florian Mounier, wluyima
WEBSITE
WEBSITEhttps://github.com/OCA/server-auth
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 00:40:55
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - auth_oauth
    - base
    - web
    - base_setup
    - auth_signup
    - mail
    - bus
    - web_tour
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES python-jose
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES Not have
DESCRIPTION
DESCRIPTION

Code Analysis

Views touched (1)
XML IDNameModelTypeStatus
view_oidc_provider_form auth.oidc.provider.form auth.oauth.provider field Inherits auth_oauth.view_oauth_provider_form
Models touched (2)

New fields (8)
  • client_secret Char
    help='Used in OpenID Connect authorization code flow for confidential clients.'
  • code_verifier Char
    default=<expr> help='Used for PKCE.'
  • end_session_endpoint Char
    help='If set, the user is logged out in the authorization provider upon logout in the client, should be the value of end_session_endpoint specified by the authorization provider.' string='End Session URL'
  • flow Selection
    default='access_token' required=True string='Auth Flow' args: [('access_token', 'OAuth2'), ('id_token_code', 'OpenID Connect (authorization code flow)'), ('id_token', 'OpenID Connect (implicit flow, not recommended)')]
  • jwks_uri Char
    help='Required for OpenID Connect.' string='JWKS URL'
  • token_endpoint Char
    help='Required for OpenID Connect authorization code flow.' string='Token URL'
  • token_map Char
    help="Some Oauth providers don't map keys in their responses exactly as required. It is important to ensure user_id and email at least are mapped. For OpenID Connect user_id is the sub key in the standard."
  • validation_endpoint Char
    required=False
Public methods (0)

No public methods.

New fields (0)

No new fields.

Public methods (1)
  • auth_oauth(self, provider, params)
    @api.model
REPOSITORY
REPOSITORYOCA/server-auth
GIT
GIThttps://github.com/OCA/server-auth.git
GIT FOLDER
GIT FOLDERhttps://github.com/OCA/server-auth/tree/13.0/auth_oidc
VERSION
VERSION 1.1.1
CATEGORY
CATEGORYUncategorized
LICENSE
LICENSEAGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLENo
AUTHORS
AUTHORSOdoo Community Association (OCA), ACSONE SA/NV, ICTSTUDIO, André Schenkels
MAINTAINERS
MAINTAINERSOdoo Community Association (OCA), ACSONE SA/NV, ICTSTUDIO, André Schenkels
COMMITTERS
COMMITTERSStéphane Bidoul, Andreas Perhab, oca-travis, OCA-git-bot, oca-ci
WEBSITE
WEBSITEhttps://github.com/OCA/server-auth
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 00:34:11
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - auth_oauth
    - base
    - web
    - base_setup
    - auth_signup
    - mail
    - bus
    - web_tour
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES python-jose
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES Not have
DESCRIPTION
DESCRIPTION

Code Analysis

Views touched (1)
XML IDNameModelTypeStatus
view_oidc_provider_form auth.oidc.provider.form auth.oauth.provider field Inherits auth_oauth.view_oauth_provider_form
Models touched (2)

New fields (7)
  • client_secret Char
    help='Used in OpenID Connect authorization code flow for confidential clients.'
  • code_verifier Char
    default=<expr> help='Used for PKCE.'
  • flow Selection
    default='access_token' required=True string='Auth Flow' args: [('access_token', 'OAuth2'), ('id_token_code', 'OpenID Connect (authorization code flow)'), ('id_token', 'OpenID Connect (implicit flow, not recommended)')]
  • jwks_uri Char
    help='Required for OpenID Connect.' string='JWKS URL'
  • token_endpoint Char
    help='Required for OpenID Connect authorization code flow.' string='Token URL'
  • token_map Char
    help="Some Oauth providers don't map keys in their responses exactly as required. It is important to ensure user_id and email at least are mapped. For OpenID Connect user_id is the sub key in the standard."
  • validation_endpoint Char
    required=False
Public methods (0)

No public methods.

New fields (0)

No new fields.

Public methods (1)
  • auth_oauth(self, provider, params)
    @api.model
REPOSITORY
REPOSITORYOCA/server-auth
GIT
GIThttps://github.com/OCA/server-auth.git
GIT FOLDER
GIT FOLDERhttps://github.com/OCA/server-auth/tree/12.0/auth_oidc
VERSION
VERSION 1.2.0
CATEGORY
CATEGORYUncategorized
LICENSE
LICENSEAGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLENo
AUTHORS
AUTHORSOdoo Community Association (OCA), ACSONE SA/NV, ICTSTUDIO, André Schenkels
MAINTAINERS
MAINTAINERSOdoo Community Association (OCA), ACSONE SA/NV, ICTSTUDIO, André Schenkels
COMMITTERS
COMMITTERSHolger Brunn, Andreas Perhab, oca-travis, OCA-git-bot, oca-ci
WEBSITE
WEBSITEhttps://github.com/OCA/server-auth
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 00:29:15
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - auth_oauth
    - base
    - web
    - base_setup
    - auth_signup
    - mail
    - bus
    - web_tour
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES jose
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES Not have
DESCRIPTION
DESCRIPTION

Code Analysis

Views touched (1)
XML IDNameModelTypeStatus
view_oidc_provider_form auth.oidc.provider.form auth.oauth.provider field Inherits auth_oauth.view_oauth_provider_form
Models touched (3)

New fields (8)
  • client_secret Char
    help='Used in OpenID Connect authorization code flow for confidential clients.'
  • code_verifier Char
    default=<expr> help='Used for PKCE.'
  • flow Selection
    default='access_token' required=True string='Auth Flow' args: [('access_token', 'OAuth2'), ('id_token_code', 'OpenID Connect (authorization code flow)'), ('id_token', 'OpenID Connect (implicit flow, not recommended)')]
  • group_line_ids One2many → auth.oauth.provider.group_line
    string='Group mappings' args: 'auth.oauth.provider.group_line', 'provider_id'
  • jwks_uri Char
    help='Required for OpenID Connect.' string='JWKS URL'
  • token_endpoint Char
    help='Required for OpenID Connect authorization code flow.' string='Token URL'
  • token_map Char
    help="Some Oauth providers don't map keys in their responses exactly as required. It is important to ensure user_id and email at least are mapped. For OpenID Connect user_id is the sub key in the standard."
  • validation_endpoint Char
    required=False
Public methods (0)

No public methods.

New fields (3)
  • expression Char
    help='Variables: user, token' required=True
  • group_id Many2one → res.groups
    required=True args: 'res.groups'
  • provider_id Many2one → auth.oauth.provider
    required=True args: 'auth.oauth.provider'
Public methods (0)

No public methods.

New fields (0)

No new fields.

Public methods (1)
  • auth_oauth(self, provider, params)
    @api.model