A Concourse server can authenticate against any valid OIDC auth provider. This provider is similar to Generic oAuth except it only requires an issuer URL rather than auth/token/userinfo URLs.
First you'll need to create a client with your oAuth provider.
The callback URL must be the URL of your Concourse server with
/sky/issuer/callback appended. This address must be reachable by your OIDC provider - it can't be
For example, Concourse's own CI server's callback URL would be:
web node env config may look something like this:
CONCOURSE_OIDC_DISPLAY_NAME=Acme CONCOURSE_OIDC_CLIENT_ID=myclientid CONCOURSE_OIDC_CLIENT_SECRET=myclientsecret CONCOURSE_OIDC_ISSUER=https://oidc.example.com
concourse web --help for a full list of flags with descriptions.