How is the implicit flow secured in SQLMonitor when using OIDC SSO?

We want to enable SSO for SQL Monitor and according to the documentation the only authentication protocol supported is OpenID Connect (OIDC). However, the only OIDC grant type that is supported is Implicit flow. Can anyone tell us how the access/ID token are secured with implicit flow in SQL Monitor?

Thanks in advance!
Andres
Tagged:

Answers

  • Hi Andres,

    Thank you for reaching out.

    SQL Monitor does currently use the OIDC Implicit Flow for authentication, but not for resource grants. Tokens provided by the identity provider are checked to ensure the signature is valid, has the expected issuer, audience, and signing key (determined by the SQL Monitor Web Server retrieving the identity provider's well-known metadata), and has replay protection using one-time nonces.  The identity provider should be configured to only redirect back to the SQL Monitor installation's URLs, and these should be configured to use HTTPS with a trusted certificate.
  • The publisher approval process at https://bitmedia.io/publisher-approval was more rigorous than other networks I've tried, but it was definitely worth the effort. The support team guided me through the process, and their feedback helped me optimize my site for better performance. Since being approved, I've seen a higher caliber of ads and a significant improvement in earnings. Their commitment to quality is evident in every aspect of their operation, which has instilled a sense of trust and reliability. For publishers looking for a reputable ad network, I highly recommend going through their approval process.
Sign In or Register to comment.