OpenID Connect
The Ultimaker Account supports the OpenID Connect (OIDC) specification.
OIDC describes a way to offer authentication and SSO functionality on top of OAuth2.
We support the core and discovery specifications outlined at the OpenID website.
Configuration
The following URLs are needed for configuring OpenID Connect client applications:
- Issuer root URL: https://account.ultimaker.com
- Authorization endpoint: /authorize
- Token endpoint: /token
- Token endpoint authentication type: Basic auth
- Discovery (metadata) endpoint: /.well-known/openid-configuration
- JWKS endpoint: /.well-known/jwks
- Client ID: Provided by Ultimaker
- Client secret: Provided by Ultimaker
ID token
To obtain an ID token for a user, follow the OAuth2 flow and make sure that you request the openid scope.
At the end of the flow, the bearer token response will contain the token in a field called id_token.
{
  "token_type": "bearer",
  "access_token": "YOUR_JWT_ACCESS_TOKEN",
  "refresh_token": "YOUR_REFRESH_TOKEN",
  "expires_in": 600,
  "scope": "SOME SCOPES",
  "id_token": "YOUR_JWT_ID_TOKEN"
}
This token is a signed JWT: it can be decoded, and its signature verified, with the public key available at the JWKS endpoint.
Info
The user info endpoint is currently not supported; please use the ID token for user information.
Claims
We follow the naming convention for all the standard claims as documented in the official spec.
Claim | Description | Value(s) | Type |
---|---|---|---|
iss | The token issuer | account.ultimaker.com | Standard |
aud | The unique ID of the OAuth2 client | | Standard |
iat | The datetime of token generation as Unix timestamp | | Standard |
exp | The datetime of token expiry | | Standard |
sub | The unique ID of the user | | Standard |
name | The name of the user | | Standard |
email | The email address of the user | | Standard |
picture | A URL for the profile picture of the user | | Standard |
customer_type | The type of Ultimaker customer | 00_default, 01_partner, 02_enterprise, 03_education | Custom |
org_id | The unique ID of the workspace that the user is currently using (empty for personal users) | | Custom |
org_name | The display name of the workspace that the user is currently using (empty for personal users) | | Custom |
org_product_enterprise | The enterprise subscription level of the workspace that the user is currently using (empty for personal users) | essentials, professional, excellence | Custom |
org_product_support | The service & support subscription level of the organization that the user is currently using (empty for personal users) | light, standard, advanced | Custom |
roles | A list of roles of the user | | Custom |