Tài liệu tích hợp
Đối soát
OneID SSO Integration (PKCE)
OneID's Identity and Access Management (IAM) solution uses PKCE (Proof Key for Code Exchange) method from open standards such as Oauth2 & OpenID Connect to provide authentication and authorization.
Step 1 - Determined the platform
OneID SSO support many type of platform including:
- 1.Native/Mobile App (Mobile or Desktop app that support web browser web-view)
- 2.Single-Page App (JavaScript web app that runs in the browser)
- 3.Regular Web App (Traditional web app that runs on the server)
- 4.Backend/API (An API or service protected)
Step 2 - Pick the SDK
Select the SDK that match with your project programing language
Language & framework
OIDC Client
Vue
https://github.com/IdentityModel/oidc-client-js
React Native
https://github.com/FormidableLabs/react-native-app-auth
Angular
https://github.com/manfredsteyer/angular-oauth2-oidc
Javascript
https://github.com/openid/AppAuth-JS
Android
https://github.com/openid/AppAuth-Android
IOS & MacOS
https://github.com/openid/AppAuth-iOS
Golang
https://godoc.org/golang.org/x/oauth2
https://github.com/coreos/go-oidc
PHP
https://oauth.net/code/php/
Java
https://github.com/scribejava/scribejava
.NET
https://oauth.net/code/dotnet/
NodeJS
https://github.com/jaredhanson/passport
https://github.com/simov/grant
https://github.com/lelylan/simple-oauth2
RUBY
https://github.com/oauth-xx/oauth2
Python
https://oauth.net/code/python/
Step 3 - Create Client
Contact us to create/register Client: [email protected]
Tenant & Client is the identity of the 3rd party service which use OneID SSO. Required information for registering including:
- 1.
client_id- ID of the 3rd party app - 2.
client_secret- optional - 3.
redirect_uris- the redirect url after the process complete - 4.
owner- owner of the 3rd party app - 5.
contacts- email of the owner - 6.
client_name- name of the 3rd party app. This information is required for white label - 7.
logo_uri- logo of the 3rd party app. This information is required for white label - 8.
client_uri- home page URL of 3rd party app. This information is required for white label - 9.
policy_uri- policy page. This information is required for white label - 10.
tos_uri- term & condition page. This information is required for white label - 11.
post_logout_redirect_uri- Hyperlink when click on 3rd party app logo image - 12.
frontchannel_logout_uri- Logout URL for frontent - 13.
backchannel_logout_uri- Logout URL for backend - 14.
metadata- json format data which contain additional data such as:- 1.background image
- 2.hotline - phone number
- 3.support email
Step 4 - Working Flow
Sequence diagram
Make the login button.
Assuming step 2 & 3 is completed.
- 1.User click the login button on 3rd app
- 2.SDK it will generate
code_verifierandcode_challenge(fromcode_verifier). - 3.SDK send
authorization_codeandcode_challengeto /auth endpointGEThttps://oauth-qc.vinid.dev/oauth2/auth?client_id={client_id}&redirect_uri={callback_url}&response_type=code&scope={scope}&state={state}&code_challenge={code_challenge}&code_challenge_method=S256 - 4.OneID redirect to OneID login form
- 5.User login and consent scope
- 6.OneID callback
authorization_codeto 3rd app - 7.SDK call /token endpoint with
authorization_codeand code_verifier - 8.OneID validate
code_verifier - 9.OneID return
access_token,id_token&access_token
Get resource with authorization code
10. 3rd party app uses access_token to access resource server (ex: /userinfo endpoint).
11. Resource server return data.
Last modified 1yr ago