# OneID SSO Integration (PKCE)

## Step 1 - Determine the platform

OneID SSO supports many types of platform, including:

1. Native/Mobile App (mobile or desktop app that supports a browser web view)
2. Single-Page App (JavaScript web app that runs in the browser)
3. Regular Web App (traditional web app that runs on the server)
4. Backend/API (a protected API or service)

## Step 2 - Pick the SDK

Select the SDK that matches your project's programming language.

| Language & framework | OIDC Client |
| -------------------- | ----------- |
| Vue                  | <https://github.com/IdentityModel/oidc-client-js> |
| React Native         | <https://github.com/FormidableLabs/react-native-app-auth> |
| Angular              | <https://github.com/manfredsteyer/angular-oauth2-oidc> |
| JavaScript           | <https://github.com/openid/AppAuth-JS> |
| Android              | <https://github.com/openid/AppAuth-Android> |
| iOS & macOS          | <https://github.com/openid/AppAuth-iOS> |
| Golang               | <https://godoc.org/golang.org/x/oauth2><br><https://github.com/coreos/go-oidc> |
| PHP                  | <https://oauth.net/code/php/> |
| Java                 | <https://github.com/scribejava/scribejava> |
| .NET                 | <https://oauth.net/code/dotnet/> |
| NodeJS               | <https://github.com/jaredhanson/passport><br><https://github.com/simov/grant><br><https://github.com/lelylan/simple-oauth2> |
| Ruby                 | <https://github.com/oauth-xx/oauth2> |
| Python               | <https://oauth.net/code/python/> |

## Step 3 - Create Client

*Contact us to create/register Client: <VUPNA@Onemount.com>*

Tenant & Client is the identity of the 3rd party service which uses OneID SSO. The information required for registration includes:

1. `client_id` - ID of the 3rd party app
2. `client_secret` - optional
3. `redirect_uris` - the redirect URL after the process completes
4. `owner` - owner of the 3rd party app
5. `contacts` - email of the owner
6. `client_name` - name of the 3rd party app. This information is required for white label
7. `logo_uri` - logo of the 3rd party app. This information is required for white label
8. `client_uri` - home page URL of the 3rd party app. This information is required for white label
9. `policy_uri` - policy page. This information is required for white label
10. `tos_uri` - terms & conditions page. This information is required for white label
11. `post_logout_redirect_uri` - hyperlink when clicking on the 3rd party app logo image
12. `frontchannel_logout_uri` - logout URL for frontend
13. `backchannel_logout_uri` - logout URL for backend
14. `metadata` - JSON-format data which contains additional data such as:
    1. background image
    2. hotline - phone number
    3. support email

## Step 4 - Working Flow

![Sequence diagram](/files/-MGgBUD0ZH0ZEK-pdglV)

### Make the login button.

Assuming steps 2 & 3 are completed.

1. The user clicks the login button on the 3rd party app
2. The SDK generates `code_verifier` and `code_challenge` (from `code_verifier`).
3. The SDK sends `authorization_code` and `code_challenge` to the **/auth** endpoint\
   `GET https://oauth-qc.vinid.dev/oauth2/auth?client_id={client_id}&redirect_uri={callback_url}&response_type=code&scope={scope}&state={state}&code_challenge={code_challenge}&code_challenge_method=S256`
4. OneID redirects to the OneID login form
5. The user logs in and consents to the scope
6. OneID calls back to the 3rd party app with `authorization_code`
7. The SDK calls the /token endpoint with `authorization_code` and `code_verifier`
8. OneID validates `code_verifier`
9. OneID returns `access_token`, `id_token` & `access_token`

### Get resource with authorization code

10. The 3rd party app uses `access_token` to access the resource server (e.g. the **/userinfo** endpoint).
11. The resource server returns data.


