Other frameworks

Kenni implements OpenID Connect to spec, so any conformant client library can talk to it. The integration is the same in every language: discover the endpoints, configure your client with your credentials, request the scopes you need.

What every library needs

Three values, plus a redirect URI registered on your application in the developer portal:

  • Issuer URL — https://idp.kenni.is/<team-domain>. Most libraries take this and discover everything else from /.well-known/openid-configuration.
  • Client ID — shown on the application's Overview tab, e.g. @<team-domain>/web.
  • Client secret — only for confidential clients (Web, M2M). Public clients (SPA, Native, Device) authenticate via PKCE.

Library suggestions

| Language | Library | Notes |
|----------|---------|-------|
| Ruby | omniauth_openid_connect | Plug into Rails via Omniauth. |
| PHP | jumbojett/openid-connect-php | Single-file dependency, easy to drop in. |
| Rust | openidconnect | Async, JWT validation, PKCE. |
| Elixir | oidcc | OpenID Foundation–certified. |

If your language has a dedicated guide in this section, prefer that. Otherwise, anything compliant with OpenID Connect Core 1.0 and PKCE will work.

Things to get right

  • PKCE is required for public clients. SPA, Native, and Device application types must use PKCE on the authorization request and code exchange. Most modern libraries do this by default.
  • Validate the ID token. Verify the signature against the JWKS from discovery, the iss against your issuer, the aud against your client ID, and the nonce if you sent one.
  • Honour state. Always send a random state and reject the callback if the value doesn't match.
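
The checks in this list, written out as an added Python sketch (not Kenni's code or any library's API) so you can compare them with what your library does. The team domain `example-team`, the client ID and all function names are constructed placeholders, and signature verification against the JWKS is assumed to be done by your library before the claim check runs.

```python
import base64, hashlib, hmac, secrets

ISSUER = "https://idp.kenni.is/example-team"   # constructed placeholder team domain
CLIENT_ID = "@example-team/web"                # constructed placeholder client ID


def begin_login():
    """Create the per-login values to keep in the user's session."""
    verifier = secrets.token_urlsafe(32)       # PKCE code_verifier, 43 characters
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return {
        "state": secrets.token_urlsafe(16),
        "nonce": secrets.token_urlsafe(16),
        "code_verifier": verifier,       # sent only on the code exchange
        "code_challenge": challenge,     # sent with code_challenge_method=S256
    }


def _same(expected, received):
    """Constant-time comparison that tolerates missing or non-string input."""
    return hmac.compare_digest(str(expected).encode(), str(received).encode())


def check_state(session, callback_params):
    """Accept the callback only if state matches the value we issued."""
    returned = callback_params.get("state")
    return bool(returned) and _same(session["state"], returned)


def check_id_token_claims(claims, session):
    """Return the names of claims that failed; an empty list means all passed.

    `claims` is the ID token payload AFTER the signature has been verified
    against the JWKS from discovery. No signature check happens here.
    """
    problems = []
    if claims.get("iss") != ISSUER:
        problems.append("iss")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]   # string or array
    if CLIENT_ID not in audiences:
        problems.append("aud")
    if not _same(session["nonce"], claims.get("nonce", "")):
        problems.append("nonce")
    return problems
```
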

When in doubt

The No framework (curl) guide shows the wire-level requests every library is wrapping. If your library is misbehaving, run the equivalent curl command and compare — that usually pinpoints which parameter is wrong.

Next steps