Overview
Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. The service authenticates the end user for all the applications the user has been given rights to and eliminates further prompts when the user switches applications during the same session.
Prerequisite
Below is the list of parameters that are required to be configured in order for the tenant to integrate Google Sign In.
| Name | Sample Value | Description |
|---|---|---|
| Client ID | 906946589628-idr2k5srkrl2uuq0n85uur28nv90nc6q.apps.googleusercontent.com | Client ID of the partners Google console account |
| Client Secret | 7c4BEITQFtFZVtqhLnUN5wgN | Client Secret of the partners Google console account |
| Authorized Domains | gmail.com, gooru.org | List of domains that need to be authorized for this integration. Email addresses outside of these domains will not be able to access. |
Gooru will configure SSO access and share client id and secret.
Google Auth
In order to use Google SSO, client application should initiate SSO request by calling GET endpoint as like (this is sample endpoint, it may change):
https://beta.gooru.org/api/nucleus-auth-idp/v1/google?redirectURL=https://beta.gooru.org
Gooru will then redirect the to the issuer / login URL based on the client id passed in the request. If a user is not already logged in at clients application, the login page will be displayed.
Based on the claims received, the user details are verified in Gooru and the user is authenticated. Upon successful authentication, they will be redirected to Gooru homepage.