Overview
Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. The service authenticates the end user for all the applications the user has been given rights to and eliminates further prompts when the user switches applications during the same session.
Prerequisite
The parameters listed below must be configured for the tenant to integrate oAuth2. We will have to share the oAuth launch URL with the partner to initiate the login flow.
Name | Sample Value | Description |
---|---|---|
Profile API URL | https://api.partner.com/v2/my/profile | URL to fetch the profile details of the logged-in user from the partner's system |
Token URL | https://launch.partner.com/oauth2/v2/token | URL to obtain the token from the partner system |
Client Secret | 1f5632bbed1cab6b6450ac46d11770eb | Client Secret to be used to obtain the token |
Auth URL | https://launch.partner.com/oauth2/v2/auth | Authorization endpoint |
Test User Account | Username and Password of Test User Account | Test username and password to execute E2E flows |
Gooru will configure SSO access and share the client id and secret.
oAuth2 Login
To use oAuth2, the client application should initiate the SSO request by calling a GET endpoint like the following (this is a sample endpoint and may change):
https://gooru.org/api/nucleus-auth-idp/v1/oauth2
Gooru will then redirect the user to the issuer / login URL based on the client id passed in the request. If the user is not already logged in to the client's application, the login page will be displayed.
Based on the claims received, the user details are verified in Gooru and the user is authenticated. Upon successful authentication, the user is redirected to the Gooru homepage.
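The redirect and return steps described above, as an added example that is not Gooru's code. It assumes the integration uses the OAuth 2.0 authorization code grant (RFC 6749) with a `state` parameter; the client id `demo-client`, the callback URL and the function names are hypothetical, and the endpoint URLs are the sample values from the prerequisite table.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed tenant registry keyed by client id. "demo-client" is hypothetical;
# the URLs are the sample values from the prerequisite table.
TENANTS = {"demo-client": {
    "auth_url": "https://launch.partner.com/oauth2/v2/auth",
    "token_url": "https://launch.partner.com/oauth2/v2/token",
    "profile_url": "https://api.partner.com/v2/my/profile",
}}
REDIRECT_URI = "https://idp.example.org/oauth2/callback"  # hypothetical callback


def check_tenant(cfg):
    """Reject a tenant whose endpoints are not absolute HTTPS URLs."""
    for key in ("auth_url", "token_url", "profile_url"):
        parts = urlsplit(cfg.get(key, ""))
        if parts.scheme != "https" or not parts.hostname:
            raise ValueError(f"{key} must be an absolute https URL")
    return cfg


def start_login(client_id, session):
    """Look up the tenant by client id and build the redirect to its Auth URL."""
    if client_id not in TENANTS:
        raise KeyError("unknown client id")  # never redirect for unregistered clients
    cfg = check_tenant(TENANTS[client_id])
    session["state"] = secrets.token_urlsafe(32)  # ties the callback to this session
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": REDIRECT_URI, "state": session["state"]})
    return f"{cfg['auth_url']}?{query}"


def handle_callback(callback_url, session):
    """Return the authorization code only if `state` matches the stored value."""
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("state", None)  # single use: a replayed callback fails
    received = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise PermissionError("state missing or mismatched")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return params["code"][0]  # exchanged at the Token URL with the client secret
```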