OneID SSO Integration (PKCE)
OneID's Identity and Access Management (IAM) solution uses the PKCE (Proof Key for Code Exchange) method from the open standards OAuth 2.0 and OpenID Connect to provide authentication and authorization.
OneID SSO supports many types of platforms, including:
- Native/Mobile App (mobile or desktop app that supports a web browser or web-view)
- Single-Page App (JavaScript web app that runs in the browser)
- Regular Web App (traditional web app that runs on the server)
- Backend/API (a protected API or service)
Select the SDK that matches your project's programming language.
Contact us to create/register a Client: VUPNA@Onemount.com
Tenant & Client are the identity of the 3rd party service that uses OneID SSO. The information required for registration includes:
client_id - ID of the 3rd party app
client_secret - optional
redirect_uris - the redirect URL used after the process completes
owner - owner of the 3rd party app
contacts - email of the owner
client_name - name of the 3rd party app. This information is required for white label
logo_uri - logo of the 3rd party app. This information is required for white label
client_uri - home page URL of the 3rd party app. This information is required for white label
policy_uri - policy page. This information is required for white label
tos_uri - terms & conditions page. This information is required for white label
post_logout_redirect_uri - hyperlink followed when clicking on the 3rd party app logo image
frontchannel_logout_uri - logout URL for the frontend
backchannel_logout_uri - logout URL for the backend
metadata - JSON-format data which contains additional data such as:
  - background image
  - hotline - phone number
  - support email
Assuming steps 2 & 3 are completed:
1. The user clicks the login button on the 3rd party app.
2. The SDK generates code_verifier and code_challenge (derived from code_verifier).
3. The SDK sends authorization_code and code_challenge to the /auth endpoint:
   GET https://oauth-qc.vinid.dev/oauth2/auth?client_id={client_id}&redirect_uri={callback_url}&response_type=code&scope={scope}&state={state}&code_challenge={code_challenge}&code_challenge_method=S256
4. OneID redirects to the OneID login form.
5. The user logs in and consents to the scope.
6. OneID calls back to the 3rd party app with authorization_code.
7. The SDK calls the /token endpoint with authorization_code and code_verifier.
8. OneID validates code_verifier.
9. OneID returns access_token, id_token & access_token.
10. The 3rd party app uses access_token to access the resource server (ex: /userinfo endpoint).
11. The resource server returns data.
Language & framework - OIDC Client
Vue - https://github.com/IdentityModel/oidc-client-js
React Native - https://github.com/FormidableLabs/react-native-app-auth
Angular - https://github.com/manfredsteyer/angular-oauth2-oidc
Javascript - https://github.com/openid/AppAuth-JS
Android - https://github.com/openid/AppAuth-Android
IOS & MacOS - https://github.com/openid/AppAuth-iOS
Golang - https://godoc.org/golang.org/x/oauth2 https://github.com/coreos/go-oidc
PHP - https://oauth.net/code/php/
Java - https://github.com/scribejava/scribejava
.NET - https://oauth.net/code/dotnet/
NodeJS - https://github.com/jaredhanson/passport https://github.com/simov/grant https://github.com/lelylan/simple-oauth2
RUBY - https://github.com/oauth-xx/oauth2
Python - https://oauth.net/code/python/