Overview

Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. The service authenticates the end user for all the applications the user has been given rights to and eliminates further prompts when the user switches applications during the same session.

Prerequisite

Below is the list of parameters that are required to be configured in order for the tenant to integrate oAuth2. We will have to share the oAuth launch URL with the partner to initiate the login flow.

Name	Sample Value	Description
Profile API URL	https://api.partner.com/v2/my/profile	URL to fetch the profile details of the logged in user from partners system
Token URL	https://launch.partner.com/oauth2/v2/token	URL to obtain the token from the partner system
Client Secret	1f5632bbed1cab6b6450ac46d11770eb	Client Secret to be used to obtain the token
Auth URL	https://launch.partner.com/oauth2/v2/auth	Authorization endpoint
Test User Account	Username and Password of Test User Account	Test username and password to execute E2E flows

Gooru will configure SSO access and share client id and secret.

oAuth2 Login

In order to use oAuth2, client application should initiate SSO request by calling GET endpoint as like (this is sample endpoint, it may change)

https://gooru.org/api/nucleus-auth-idp/v1/oauth2

Gooru will then redirect the to the issuer / login URL based on the client id passed in the request. If a user is not already logged in at clients application, the login page will be displayed.

Based on the claims received, the user details are verified in Gooru and the user is authenticated. Upon successful authentication, they will be redirected to Gooru homepage.