{"metadata":{"image":[],"title":"","description":""},"api":{"url":"","auth":"required","results":{"codes":[]},"settings":"","params":[],"examples":{"codes":[]}},"next":{"description":"","pages":[]},"title":"oAuth2 SSO","type":"basic","slug":"oauth2-sso","excerpt":"","body":"[block:api-header]\n{\n  \"title\": \"Overview\"\n}\n[/block]\nSingle sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. The service authenticates the end user for all the applications the user has been given rights to and eliminates further prompts when the user switches applications during the same session.\n[block:api-header]\n{\n  \"title\": \"Prerequisite\"\n}\n[/block]\nBelow is the list of parameters that are required to be configured in order for the tenant to integrate oAuth2. We will have to share the oAuth launch URL with the partner to initiate the login flow.\n[block:parameters]\n{\n  \"data\": {\n    \"h-0\": \"Name\",\n    \"h-1\": \"Sample Value\",\n    \"0-0\": \"Profile API URL\",\n    \"1-0\": \"Token URL\",\n    \"1-1\": \"https://launch.partner.com/oauth2/v2/token\",\n    \"0-1\": \"https://api.partner.com/v2/my/profile\",\n    \"2-0\": \"Client Secret\",\n    \"2-1\": \"1f5632bbed1cab6b6450ac46d11770eb\",\n    \"h-2\": \"Description\",\n    \"0-2\": \"URL to fetch the profile details of the logged in user from partners system\",\n    \"1-2\": \"URL to obtain the token from the partner system\",\n    \"2-2\": \"Client Secret to be used to obtain the token\",\n    \"3-0\": \"Auth URL\",\n    \"3-1\": \"https://launch.partner.com/oauth2/v2/auth\",\n    \"3-2\": \"Authorization endpoint\",\n    \"4-0\": \"Test User Account\",\n    \"4-1\": \"Username and Password of Test User Account\",\n    \"4-2\": \"Test username and password to execute E2E flows\"\n  },\n  \"cols\": 3,\n  \"rows\": 5\n}\n[/block]\nGooru will configure SSO access and share client id and secret.\n[block:api-header]\n{\n  \"title\": \"oAuth2 Login\"\n}\n[/block]\nIn order to use oAuth2, client application should initiate SSO request by calling GET endpoint as like (this is sample endpoint, it may change)\n\n\nhttps://gooru.org/api/nucleus-auth-idp/v1/oauth2\n\n\nGooru will then redirect the to the issuer / login URL based on the client id passed in the request. If a user is not already logged in at clients application, the login page will be displayed. \n\n\nBased on the claims received, the user details are verified in Gooru and the user is authenticated. Upon successful authentication, they will be redirected to Gooru homepage.","updates":[],"order":999,"isReference":false,"hidden":false,"sync_unique":"","link_url":"","link_external":false,"_id":"5f4d136ba134e200393f4960","createdAt":"2020-08-31T15:12:43.332Z","user":"5dc3f7bf4ce31a00f0795e4b","category":{"sync":{"isSync":false,"url":""},"pages":[],"title":"Single Sign-On","slug":"single-sign-on","order":23,"from_sync":false,"reference":false,"_id":"599bc76bc03fa2000f83db2a","project":"56439dfe9eebf70d00490d54","version":"5864d2df79ce642d00f0fec7","createdAt":"2017-08-22T05:55:55.391Z","__v":0},"version":{"version":"2","version_clean":"2.0.0","codename":"","is_stable":true,"is_beta":true,"is_hidden":false,"is_deprecated":false,"categories":["5864d2df79ce642d00f0fec8","5864d2df79ce642d00f0fec9","5864d2df79ce642d00f0feca","5864d2df79ce642d00f0fecb","5864d2df79ce642d00f0fecc","5864d2df79ce642d00f0fecd","5864d2df79ce642d00f0fece","5864d2df79ce642d00f0fecf","5864d2df79ce642d00f0fed0","5864d2df79ce642d00f0fed1","5864d2df79ce642d00f0fed2","5864d2df79ce642d00f0fed3","5864d2df79ce642d00f0fed4","5864d2df79ce642d00f0fed5","5864d2df79ce642d00f0fed6","5864d2df79ce642d00f0fed7","5864d2df79ce642d00f0fed8","5864d2df79ce642d00f0fed9","5864d2df79ce642d00f0feda","5864d2df79ce642d00f0fedb","5864d2df79ce642d00f0fedc","5864d2df79ce642d00f0fedd","5864d2df79ce642d00f0fede","598aa64f4b6e990019b7a2d2","599bc76bc03fa2000f83db2a","599bcc3c3c5bf7000f3434fc","5d427dc9fa56fa0011135058","5d429c616863d5003af785a7","5d429e0889418f00c5e95d3f","5d42b5f098b05e003acb08b4","5d43c16985775c00ebeede3b","5d43d15446d584003da91e6d","5d43d61a5bdac50011b6f234","5d43d7c2db365100640dbc58","5d43d954bffa8400ff7efa78","5d43e414cf4f03005944344c","5d43eb42db365100640dbe4a","5d43ee6c78121b0057bc1dbf","5d9a18b4afc33400126c4e6f","5dc4f96dbb5da3006c8f5660"],"_id":"5864d2df79ce642d00f0fec7","createdAt":"2016-12-29T09:09:51.074Z","project":"56439dfe9eebf70d00490d54","releaseDate":"2016-12-29T09:09:51.074Z","__v":18},"project":"56439dfe9eebf70d00490d54","__v":0}
[block:api-header] { "title": "Overview" } [/block] Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. The service authenticates the end user for all the applications the user has been given rights to and eliminates further prompts when the user switches applications during the same session. [block:api-header] { "title": "Prerequisite" } [/block] Below is the list of parameters that are required to be configured in order for the tenant to integrate oAuth2. We will have to share the oAuth launch URL with the partner to initiate the login flow. [block:parameters] { "data": { "h-0": "Name", "h-1": "Sample Value", "0-0": "Profile API URL", "1-0": "Token URL", "1-1": "https://launch.partner.com/oauth2/v2/token", "0-1": "https://api.partner.com/v2/my/profile", "2-0": "Client Secret", "2-1": "1f5632bbed1cab6b6450ac46d11770eb", "h-2": "Description", "0-2": "URL to fetch the profile details of the logged in user from partners system", "1-2": "URL to obtain the token from the partner system", "2-2": "Client Secret to be used to obtain the token", "3-0": "Auth URL", "3-1": "https://launch.partner.com/oauth2/v2/auth", "3-2": "Authorization endpoint", "4-0": "Test User Account", "4-1": "Username and Password of Test User Account", "4-2": "Test username and password to execute E2E flows" }, "cols": 3, "rows": 5 } [/block] Gooru will configure SSO access and share client id and secret. [block:api-header] { "title": "oAuth2 Login" } [/block] In order to use oAuth2, client application should initiate SSO request by calling GET endpoint as like (this is sample endpoint, it may change) https://gooru.org/api/nucleus-auth-idp/v1/oauth2 Gooru will then redirect the to the issuer / login URL based on the client id passed in the request. If a user is not already logged in at clients application, the login page will be displayed. Based on the claims received, the user details are verified in Gooru and the user is authenticated. Upon successful authentication, they will be redirected to Gooru homepage.