oAuth2 SSO

Overview

Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. The service authenticates the end user for all the applications the user has been given rights to and eliminates further prompts when the user switches applications during the same session.

Prerequisite

The parameters listed below must be configured for the tenant to integrate oAuth2. We will have to share the oAuth launch URL with the partner to initiate the login flow.

| Name | Sample Value | Description |
|---|---|---|
| Profile API URL | https://api.partner.com/v2/my/profile | URL to fetch the profile details of the logged-in user from the partner's system |
| Token URL | https://launch.partner.com/oauth2/v2/token | URL to obtain the token from the partner system |
| Client Secret | 1f5632bbed1cab6b6450ac46d11770eb | Client Secret to be used to obtain the token |
| Auth URL | https://launch.partner.com/oauth2/v2/auth | Authorization endpoint |
| Test User Account | Username and Password of Test User Account | Test username and password to execute E2E flows |

Gooru will configure SSO access and share the client id and secret.

oAuth2 Login

To use oAuth2, the client application should initiate the SSO request by calling a GET endpoint such as the following (this is a sample endpoint and may change):

https://gooru.org/api/nucleus-auth-idp/v1/oauth2

Gooru will then redirect the user to the issuer / login URL based on the client id passed in the request. If the user is not already logged in at the client's application, the login page will be displayed.

Based on the claims received, the user details are verified in Gooru and the user is authenticated. Upon successful authentication, the user is redirected to the Gooru homepage.
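
An added example, not Gooru's own code, of checks an integrator could run on the parameters in the Prerequisite table and on the redirect leg of the login flow. It assumes the partner implements the standard OAuth 2.0 authorization code grant (RFC 6749); the function names, the client id and the redirect URI used with it are hypothetical.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed tenant record using the sample values from the table above.
SAMPLE_TENANT = {
    "profile_api_url": "https://api.partner.com/v2/my/profile",
    "token_url": "https://launch.partner.com/oauth2/v2/token",
    "auth_url": "https://launch.partner.com/oauth2/v2/auth",
    "client_secret": "1f5632bbed1cab6b6450ac46d11770eb",
}
DOC_SAMPLE_SECRET = "1f5632bbed1cab6b6450ac46d11770eb"  # published on this page


def validate_tenant(cfg):
    """Return a list of problems found in a tenant's oAuth2 parameters."""
    problems = []
    for key in ("profile_api_url", "token_url", "auth_url"):
        parts = urlsplit(cfg.get(key, ""))
        if parts.scheme != "https" or not parts.hostname:
            problems.append(f"{key}: must be an absolute https URL")
        if parts.username or parts.password or parts.fragment:
            problems.append(f"{key}: must not carry userinfo or a fragment")
    secret = cfg.get("client_secret", "")
    if len(secret) < 32:
        problems.append("client_secret: shorter than 32 characters")
    if secret == DOC_SAMPLE_SECRET:
        problems.append("client_secret: is the published sample value")
    return problems


def build_auth_redirect(cfg, client_id, redirect_uri):
    """Build the redirect to the Auth URL with a fresh, unguessable state."""
    state = secrets.token_urlsafe(32)  # store server-side with the session
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "state": state}
    return f"{cfg['auth_url']}?{urlencode(params)}", state


def check_callback(callback_url, expected_state):
    """Return the authorization code only if the callback echoes our state."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    code = params.get("code", [""])[0]
    same = hmac.compare_digest(state.encode(), expected_state.encode())
    if not code or not same:
        raise ValueError("callback rejected: missing code or state mismatch")
    return code
```

The sample secret from the table is flagged on purpose: a value that has appeared in documentation should never be provisioned for a real tenant.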