# ory-selfhosting
g
hi everyone, I'm trying to configure kratos to communicate with an identity provider through oidc (for test purposes it's a keycloak). I think that I have correctly configured kratos; now I would like to test the solution. Do you have resources or tutorials that can explain to me how to develop the rest?
m
Hello @gifted-airplane-80186 https://www.ory.sh/docs/kratos/social-signin/generic https://www.ory.sh/docs/kratos/social-signin/overview For self-hosted specifically, but it's more or less the same: https://www.ory.sh/docs/self-hosted/kratos/configuration/oidc Just pushed a fix for some broken links in the above: https://github.com/ory/docs/pull/1402
g
thanks for your answer
s
@gifted-airplane-80186 I don't know if you were able to solve this, but maybe this helps you out. We've configured and tested it with Microsoft AD and AWS Cognito:
```yaml
# Kratos self-service OIDC (social sign-in) method with two providers.
# Placeholders in CAPITALS are meant to be replaced with your own values.
oidc:
  enabled: true
  config:
    providers:
      # Microsoft (Azure AD) via the built-in "microsoft" provider
      - id: microsoft
        provider: microsoft
        label: microsoft
        client_id: YOURCLIENTID
        client_secret: YOURCLIENTSECRET
        microsoft_tenant: common
        issuer_url: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
        # Jsonnet data mapper that maps provider claims to identity traits;
        # Kratos fetches it from this URL at runtime
        mapper_url: https://storage.googleapis.com/bac-gcs-production/ca2c1bb3278251cd64913563fcff9412253581c821d078016e55761e965f989530a8777852603e571aa19ec09553af1cfdd28ba58489d94e4e2f9b906d04455f.jsonnet
        scope:
          - openid
          - profile
          - email
          - https://graph.microsoft.com/User.Read
        subject_source: me
      # AWS Cognito via the "generic" OIDC provider (uses discovery on issuer_url)
      - id: cognito
        provider: generic
        label: cognito
        client_id: YOURCLIENTID
        client_secret: YOURCLIENTSECRET
        issuer_url: https://cognito-idp.YOURCOGNITREGION.amazonaws.com/YOURUSERPOOLID
        mapper_url: https://pastebin.pl/view/raw/36c49b21
        scope:
          - openid
          - email
          - aws.cognito.signin.user.admin
          - profile
```
You take the client secret and client ID from your registered app in Microsoft. The client ID you take from Overview, and the secret ID you can take from Authentication. The client ID you take from Certificates & secrets. In Cognito you can get the information needed from your user pool --> App integration --> Create new app client. Hope it helps.