oAuth2 SSO

Overview

Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. The service authenticates the end user for all the applications the user has been given rights to and eliminates further prompts when the user switches applications during the same session.

Prerequisite

The tenant must configure the parameters listed below to integrate oAuth2. We will have to share the oAuth launch URL with the partner to initiate the login flow.

| Name | Sample Value | Description |
|---|---|---|
| Profile API URL | https://api.partner.com/v2/my/profile | URL to fetch the profile details of the logged-in user from the partner's system |
| Token URL | https://launch.partner.com/oauth2/v2/token | URL to obtain the token from the partner system |
| Client Secret | 1f5632bbed1cab6b6450ac46d11770eb | Client Secret to be used to obtain the token |
| Auth URL | https://launch.partner.com/oauth2/v2/auth | Authorization endpoint |
| Test User Account | Username and Password of Test User Account | Test username and password to execute E2E flows |

Gooru will configure SSO access and share client id and secret.

oAuth2 Login

To use oAuth2, the client application should initiate the SSO request by calling a GET endpoint such as the following (this is a sample endpoint and may change):

https://gooru.org/api/nucleus-auth-idp/v1/oauth2

Gooru will then redirect the user to the issuer / login URL based on the client id passed in the request. If the user is not already logged in to the client's application, the login page will be displayed.

Based on the claims received, the user details are verified in Gooru and the user is authenticated. Upon successful authentication, the user is redirected to the Gooru homepage.
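The login flow described above, sketched as an added example (not Gooru's code) that assumes the standard authorization code grant of RFC 6749, which the page does not name. `EXAMPLE_CLIENT_ID`, the redirect URI and the function names are hypothetical; the requests are built but not sent, and the `state` check ties each callback to the browser session that started the login.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# URLs and secret are the sample values from the table above; client_id and
# redirect_uri are placeholders assumed for this example.
CONFIG = {
    "auth_url": "https://launch.partner.com/oauth2/v2/auth",
    "token_url": "https://launch.partner.com/oauth2/v2/token",
    "profile_url": "https://api.partner.com/v2/my/profile",
    "client_secret": "1f5632bbed1cab6b6450ac46d11770eb",
    "client_id": "EXAMPLE_CLIENT_ID",
    "redirect_uri": "https://sso.example.org/oauth2/callback",
}

def build_authorization_redirect(cfg, session):
    """Step 1: redirect URL for the Auth URL, with a one-time state bound to the session."""
    session["oauth_state"] = secrets.token_urlsafe(32)
    query = urlencode({"response_type": "code", "client_id": cfg["client_id"],
                       "redirect_uri": cfg["redirect_uri"],
                       "state": session["oauth_state"]})
    return f"{cfg['auth_url']}?{query}"

def handle_callback(cfg, session, callback_url):
    """Step 2: verify state, then describe the token request (secret in POST body only)."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: a replayed callback fails
    returned = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise ValueError("state mismatch: callback was not started by this session")
    if "error" in params or "code" not in params:
        raise ValueError("authorization was denied or no code was returned")
    return {"method": "POST", "url": cfg["token_url"],
            "data": {"grant_type": "authorization_code", "code": params["code"][0],
                     "redirect_uri": cfg["redirect_uri"],
                     "client_id": cfg["client_id"],
                     "client_secret": cfg["client_secret"]}}

def profile_request(cfg, access_token):
    """Step 3: fetch the logged-in user's profile with the token as a bearer credential."""
    return {"method": "GET", "url": cfg["profile_url"],
            "headers": {"Authorization": f"Bearer {access_token}"}}
```

In a deployment the client secret would be loaded from a secret store rather than kept in source, and the claims returned by the profile call would be validated before a local session is created.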