OneID SSO Integration (PKCE)
OneID's Identity and Access Management (IAM) solution uses the PKCE (Proof Key for Code Exchange) method from the open standards OAuth 2.0 and OpenID Connect to provide authentication and authorization.
Step 1 - Determine the platform
OneID SSO supports many types of platform, including:
Native/Mobile App (Mobile or Desktop app that support web browser web-view)
Single-Page App (JavaScript web app that runs in the browser)
Regular Web App (Traditional web app that runs on the server)
Backend/API (An API or service that is protected)
Step 2 - Pick the SDK
Select the SDK that matches your project's programming language:
| Language & framework | OIDC Client |
| --- | --- |
| Vue | |
| React Native | |
| Angular | |
| JavaScript | |
| Android | |
| iOS & macOS | |
| Golang | |
| PHP | https://oauth.net/code/php/ |
| Java | |
| .NET | https://oauth.net/code/dotnet/ |
| NodeJS | |
| Ruby | |
| Python | https://oauth.net/code/python/ |
Step 3 - Create Client
Contact us to create/register a Client: VUPNA@Onemount.com
Tenant & Client are the identity of the 3rd party service which uses OneID SSO. The information required for registering includes:
- client_id - ID of the 3rd party app
- client_secret - optional
- redirect_uris - the redirect URL(s) after the process completes
- owner - owner of the 3rd party app
- contacts - email of the owner
- client_name - name of the 3rd party app. This information is required for white label
- logo_uri - logo of the 3rd party app. This information is required for white label
- client_uri - home page URL of the 3rd party app. This information is required for white label
- policy_uri - policy page. This information is required for white label
- tos_uri - terms & conditions page. This information is required for white label
- post_logout_redirect_uri - hyperlink when clicking on the 3rd party app logo image
- frontchannel_logout_uri - logout URL for the frontend
- backchannel_logout_uri - logout URL for the backend
- metadata - JSON-format data which contains additional data such as: background image, hotline (phone number), support email
Step 4 - Working Flow
Make the login button.
Assuming steps 2 & 3 are completed.
1. User clicks the login button on the 3rd party app.
2. The SDK generates code_verifier and code_challenge (derived from code_verifier).
3. The SDK sends authorization_code and code_challenge to the /auth endpoint:

```
GET https://oauth-qc.vinid.dev/oauth2/auth?client_id={client_id}&redirect_uri={callback_url}&response_type=code&scope={scope}&state={state}&code_challenge={code_challenge}&code_challenge_method=S256
```

4. OneID redirects to the OneID login form.
5. User logs in and consents to the scope.
6. OneID calls back to the 3rd party app with authorization_code.
7. The SDK calls the /token endpoint with authorization_code and code_verifier.
8. OneID validates code_verifier.
9. OneID returns access_token and id_token.
Get resource with authorization code
10. The 3rd party app uses access_token to access the resource server (ex: /userinfo endpoint).
11. The resource server returns data.
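The client side of the flow above (steps 2, 3, 6 and 7) and the check OneID performs in step 8, as an added Python example that is not OneID's SDK or any code from this page. The /oauth2/auth URL is the one shown above; the token endpoint path (/oauth2/token) and all client_id, redirect_uri and callback values are assumptions. The example checks the RFC 7636 S256 derivation against the RFC's own test vector, binds the authorization request to a state value and rejects a callback whose state does not match, and compares the verifier against the stored challenge in constant time on the server side.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# The /oauth2/auth URL is taken from this page; the token endpoint path is an
# assumption (the page only says "/token endpoint").
AUTH_ENDPOINT = "https://oauth-qc.vinid.dev/oauth2/auth"
TOKEN_ENDPOINT = "https://oauth-qc.vinid.dev/oauth2/token"  # assumed path


def b64url(raw: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_code_verifier(n_bytes: int = 32) -> str:
    """Step 2: high-entropy verifier; 32 random bytes encode to 43 chars,
    the RFC minimum, drawn only from the unreserved URL character set."""
    return b64url(secrets.token_bytes(n_bytes))


def code_challenge_s256(code_verifier: str) -> str:
    """Step 2: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def build_authorization_url(client_id: str, redirect_uri: str, scope: str,
                            state: str, code_challenge: str) -> str:
    """Step 3: the GET request to /auth, with the same parameters as the
    request shown on this page. Only the challenge leaves the client here;
    the verifier stays in the SDK until step 7."""
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": scope,
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return AUTH_ENDPOINT + "?" + urlencode(params)


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Step 6: extract the authorization code from the callback URL.
    A state mismatch means the response does not belong to the login this
    SDK instance started (CSRF / stale attempt), so it is rejected."""
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback rejected")
    if "code" not in qs:
        raise ValueError("callback carries no authorization code")
    return qs["code"][0]


def token_request_body(client_id: str, redirect_uri: str, code: str,
                       code_verifier: str) -> dict:
    """Step 7: form body for the /token call; the verifier is sent only
    now, over the back channel, together with the code."""
    return {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "code": code,
        "code_verifier": code_verifier,
    }


def verify_on_server(stored_challenge: str, presented_verifier: str) -> bool:
    """Step 8, as the authorization server sees it: recompute the S256
    challenge from the presented verifier and compare it in constant time
    with the challenge stored alongside the issued code."""
    return secrets.compare_digest(stored_challenge,
                                  code_challenge_s256(presented_verifier))
```

The SDK has to keep code_verifier and state in per-login storage between step 3 and step 7; if either is shared across logins or guessable, the protection PKCE adds against an intercepted authorization_code is lost.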