OneID SSO Integration (PKCE)
OneID's Identity and Access Management (IAM) solution uses the PKCE (Proof Key for Code Exchange) method from open standards such as OAuth2 & OpenID Connect to provide authentication and authorization.
OneID SSO supports many types of platforms, including:
- 1. Native/Mobile App (mobile or desktop app that supports a web browser web-view)
- 2. Single-Page App (JavaScript web app that runs in the browser)
- 3. Regular Web App (traditional web app that runs on the server)
- 4. Backend/API (a protected API or service)
Select the SDK that matches your project's programming language.
Language & framework | OIDC Client |
Vue | |
React Native | |
Angular | |
JavaScript | |
Android | |
iOS & macOS | |
Golang | https://godoc.org/golang.org/x/oauth2 |
PHP | https://oauth.net/code/php/ |
Java | |
.NET | https://oauth.net/code/dotnet/ |
NodeJS | |
Ruby | |
Python | https://oauth.net/code/python/ |
Contact us to create/register Client: [email protected]
Tenant & Client are the identity of the 3rd party service that uses OneID SSO. The information required for registration includes:
- 1. client_id - ID of the 3rd party app
- 2. client_secret - optional
- 3. redirect_uris - the redirect URL after the process completes
- 4. owner - owner of the 3rd party app
- 5. contacts - email of the owner
- 6. client_name - name of the 3rd party app. This information is required for white label
- 7. logo_uri - logo of the 3rd party app. This information is required for white label
- 8. client_uri - home page URL of the 3rd party app. This information is required for white label
- 9. policy_uri - policy page. This information is required for white label
- 10. tos_uri - terms & conditions page. This information is required for white label
- 11. post_logout_redirect_uri - hyperlink when clicking on the 3rd party app logo image
- 12. frontchannel_logout_uri - logout URL for frontend
- 13. backchannel_logout_uri - logout URL for backend
- 14. metadata - JSON-format data which contains additional data such as:
  - 1. background image
  - 2. hotline - phone number
  - 3. support email

Sequence diagram
Assuming steps 2 & 3 are completed.
- 1. User clicks the login button on the 3rd app
- 2. SDK generates code_verifier and code_challenge (from code_verifier).
- 3. SDK sends authorization_code and code_challenge to the /auth endpoint
  GET https://oauth-qc.vinid.dev/oauth2/auth?client_id={client_id}&redirect_uri={callback_url}&response_type=code&scope={scope}&state={state}&code_challenge={code_challenge}&code_challenge_method=S256
- 4. OneID redirects to the OneID login form
- 5. User logs in and consents to the scope
- 6. OneID calls back to the 3rd app with authorization_code
- 7. SDK calls the /token endpoint with authorization_code and code_verifier
- 8. OneID validates code_verifier
- 9. OneID returns access_token, id_token & access_token
- 10. 3rd party app uses access_token to access the resource server (ex: /userinfo endpoint).
- 11. Resource server returns data.
Last modified 2yr ago