Connect2id server deployment checklist

These are the minimum required steps to set up a Connect2id server for use in production:

  1. Generate a new JSON Web Key (JWK) set for the Connect2id server to cryptographically secure the issued tokens and other objects.

  2. Set the token issuer URL that identifies the Connect2id server as an OpenID provider and OAuth 2.0 authorisation server.

  3. Set the URL of the login page for your Connect2id server.

  4. Set the URL of the logout confirmation page if you have one.

  5. Generate the master tokens for the Connect2id server web APIs. Each token must consist of at least 32 random characters. You can generate them with pwgen 32 on a Linux command line.

  6. Set up a database for the Connect2id server to persist its own data, such as client app registrations and long-lived authorisations.

  7. Provide the details of your OpenID claims source(s), needed for the UserInfo endpoint. The Connect2id server comes with a ready connector for sourcing user attributes from an LDAP directory. If you intend to use a different source, create your own connector.
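As an added example covering steps 2 and 5 (this is not Connect2id's own code or tooling), the following Python script draws master tokens from the OS CSPRNG with the 32-character minimum the checklist requires, and checks a candidate issuer URL against the OpenID Connect rules for an issuer identifier (https scheme, a host, no query or fragment). The hostname c2id.example.com and the API names in the sample run are constructed values.

```python
import secrets
import string
from urllib.parse import urlsplit

# Letters and digits only, so a token pastes into config files, headers and shells unescaped.
TOKEN_ALPHABET = string.ascii_letters + string.digits
MIN_TOKEN_LENGTH = 32  # minimum length required by the checklist


def generate_master_token(length: int = MIN_TOKEN_LENGTH) -> str:
    """Draw a master API token from the OS CSPRNG (the secrets module)."""
    if length < MIN_TOKEN_LENGTH:
        raise ValueError(f"master tokens need at least {MIN_TOKEN_LENGTH} characters")
    return "".join(secrets.choice(TOKEN_ALPHABET) for _ in range(length))


def check_master_token(token: str) -> list[str]:
    """Return the reasons a candidate master token is unacceptable (empty list = ok)."""
    problems = []
    if len(token) < MIN_TOKEN_LENGTH:
        problems.append(f"token is {len(token)} characters, need {MIN_TOKEN_LENGTH}")
    if any(c not in TOKEN_ALPHABET for c in token):
        problems.append("token contains characters outside [A-Za-z0-9]")
    if len(set(token)) < 10:  # a repeated or patterned value was not drawn at random
        problems.append("token has too few distinct characters to be random")
    return problems


def check_issuer_url(url: str) -> list[str]:
    """Check the token issuer URL against the OpenID Connect issuer rules:
    https scheme, a host, and no query or fragment component."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append("issuer URL must use https")
    if not parts.netloc:
        problems.append("issuer URL has no host")
    if parts.query or parts.fragment:
        problems.append("issuer URL must not carry a query or fragment")
    return problems


def check_deployment(issuer: str, master_tokens: dict[str, str]) -> dict[str, list[str]]:
    """Run the checks for steps 2 and 5; returns the problems found per item."""
    report = {"issuer": check_issuer_url(issuer)}
    for api_name, token in master_tokens.items():
        report[api_name] = check_master_token(token)
    return report


if __name__ == "__main__":
    # Constructed sample: one weak placeholder token next to a freshly generated one.
    tokens = {"clients": "changeme", "authz": generate_master_token()}
    print(check_deployment("https://c2id.example.com", tokens))
```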