OpenID Connect

The Ultimaker Account supports the OpenID Connect (OIDC) specification. OIDC describes a way to offer authentication and SSO functionality on top of OAuth2. We support the core and discovery specifications outlined at the OpenID website.

Configuration

The following URLs are needed for configuring OpenID Connect client applications:

  • Issuer root URL: https://account.ultimaker.com
  • Authorization endpoint: /authorize
  • Token endpoint: /token
  • Token endpoint authentication type: Basic auth
  • Discovery (metadata) endpoint: /.well-known/openid-configuration
  • JWKS endpoint: /.well-known/jwks
  • Client ID: Provided by Ultimaker
  • Client secret: Provided by Ultimaker

ID token

To obtain an ID token for a user, follow the OAuth2 flow and make sure that you request the openid scope. At the end of the flow, the bearer token response will contain the token in a field called id_token.

{
    "token_type": "bearer",
    "access_token": "YOUR_JWT_ACCESS_TOKEN",
    "refresh_token": "YOUR_REFRESH_TOKEN",
    "expires_in": 600,
    "scope": "SOME SCOPES",
    "id_token": "YOUR_JWT_ID_TOKEN"
}

This token can be decoded, and its signature verified, with the public key available at the JWKS endpoint.

Info

The user info endpoint is currently not supported. Please use the ID token for user information.

Claims

We follow the naming convention for all the standard claims as documented in the official spec.

| Claim | Description | Value(s) | Type |
| iss | The token issuer | account.ultimaker.com | Standard |
| aud | The unique ID of the OAuth2 client | | Standard |
| iat | The datetime of token generation as Unix timestamp | | Standard |
| exp | The datetime of token expiry | | Standard |
| sub | The unique ID of the user | | Standard |
| name | The name of the user | | Standard |
| email | The email address of the user | | Standard |
| picture | A URL for the profile picture of the user | | Standard |
| customer_type | The type of Ultimaker customer | 00_default, 01_partner, 02_enterprise, 03_education | Custom |
| org_id | The unique ID of the organization that the user is a part of (empty for private users) | | Custom |
| org_name | The display name of the organization that the user is a part of (empty for private users) | | Custom |
| org_product_enterprise | The enterprise subscription level of the organization that the user is a part of (empty for users without subscription) | essentials, professional, excellence | Custom |
| org_product_support | The service & support subscription level of the organization that the user is a part of (empty for users without subscription) | light, standard, advanced | Custom |
| roles | A list of roles of the user | | Custom |
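
The following is an added example, not code from Ultimaker: a Node.js sketch of how a client could verify the ID token's signature against the JWKS and check the iss, aud, exp and iat claims before trusting any of the others. It assumes RS256 signatures, a "kid" in the JWT header and a 60-second clock-skew allowance, none of which are stated on this page; the key pair, client ID and user ID are constructed sample values.

```javascript
// Added example. Assumptions not stated on the page: tokens are signed with
// RS256 and the JWT header carries a "kid" matching a key in the JWKS.
const crypto = require("node:crypto");

const fromB64url = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));
const toB64url = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");

function verifyIdToken(idToken, jwks, { issuer, clientId, now = Math.floor(Date.now() / 1000) }) {
  const parts = idToken.split(".");
  if (parts.length !== 3) throw new Error("malformed JWT");
  const [h, p, s] = parts;
  const header = fromB64url(h);
  // Pin the algorithm; never let the token header pick it ("none", HS256, ...).
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const jwk = jwks.keys.find((k) => k.kty === "RSA" && k.kid === header.kid);
  if (!jwk) throw new Error("no matching key in JWKS");
  const key = crypto.createPublicKey({ key: { kty: "RSA", n: jwk.n, e: jwk.e }, format: "jwk" });
  const signed = Buffer.from(`${h}.${p}`);
  if (!crypto.verify("RSA-SHA256", signed, key, Buffer.from(s, "base64url"))) {
    throw new Error("bad signature");
  }
  // Only after the signature checks out are the claims trusted.
  const claims = fromB64url(p);
  if (claims.iss !== issuer) throw new Error("wrong iss");
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(clientId)) throw new Error("wrong aud");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  // 60 s of clock skew is an assumed tolerance, not a value from the page.
  if (typeof claims.iat !== "number" || claims.iat > now + 60) throw new Error("iat in the future");
  return claims;
}

// Constructed sample: a throwaway key pair stands in for the provider's key.
function makeSample(claims, kid = "demo-key") {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const input = `${toB64url({ alg: "RS256", typ: "JWT", kid })}.${toB64url(claims)}`;
  const sig = crypto.sign("RSA-SHA256", Buffer.from(input), privateKey).toString("base64url");
  const jwks = { keys: [{ ...publicKey.export({ format: "jwk" }), kid, use: "sig" }] };
  return { token: `${input}.${sig}`, jwks };
}

const demoClaims = { iss: "account.ultimaker.com", aud: "constructed-client-id",
  iat: 1700000000, exp: 1700000600, sub: "constructed-user", customer_type: "00_default" };
const demo = makeSample(demoClaims);
const opts = { issuer: "account.ultimaker.com", clientId: "constructed-client-id", now: 1700000100 };
console.log(verifyIdToken(demo.token, demo.jwks, opts).sub);
```

In a real client, the `jwks` object is the JSON document served at the JWKS endpoint listed under Configuration, and `clientId` is the client ID provided by Ultimaker.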