OneID SSO Integration (PKCE)

Search…

OneID's Identity and Access Management (IAM) solution uses PKCE (Proof Key for Code Exchange) method from open standards such as Oauth2 & OpenID Connect to provide authentication and authorization.

Step 1 - Determined the platform 
OneID SSO support many type of platform including:
1.Native/Mobile App (Mobile or Desktop app that support web browser web-view)
2.Single-Page App (JavaScript web app that runs in the browser)
3.Regular Web App (Traditional web app that runs on the server)
4.Backend/API (An API or service protected)
Step 2 - Pick the SDK
Select the SDK that match with your project programing language
Language & framework
OIDC Client
Vue
​
https://github.com/IdentityModel/oidc-client-js
React Native
​
https://github.com/FormidableLabs/react-native-app-auth
Angular
​
https://github.com/manfredsteyer/angular-oauth2-oidc
Javascript
​
https://github.com/openid/AppAuth-JS
Android
​
https://github.com/openid/AppAuth-Android
IOS & MacOS
​
https://github.com/openid/AppAuth-iOS
Golang
https://godoc.org/golang.org/x/oauth2
https://github.com/coreos/go-oidc
PHP
https://oauth.net/code/php/
Java
​
https://github.com/scribejava/scribejava
.NET
https://oauth.net/code/dotnet/
NodeJS
​
https://github.com/jaredhanson/passport
https://github.com/simov/grant
https://github.com/lelylan/simple-oauth2
RUBY
​
https://github.com/oauth-xx/oauth2
Python
https://oauth.net/code/python/
Step 3 - Create Client
Contact us to create/register Client: [email protected]
Tenant & Client is the identity of the 3rd party service which use OneID SSO. Required information for registering including:
1.client_id - ID of the 3rd party app
2.client_secret - optional
3.redirect_uris - the redirect url after the process complete
4.owner - owner of the 3rd party app
5.contacts - email of the owner
6.client_name - name of the 3rd party app. This information is required for white label
7.logo_uri - logo of the 3rd party app. This information is required for white label
8.client_uri - home page URL of 3rd party app. This information is required for white label
9.policy_uri - policy page. This information is required for white label
10.tos_uri - term & condition page. This information is required for white label
11.post_logout_redirect_uri - Hyperlink when click on 3rd party app logo image
12.frontchannel_logout_uri - Logout URL for frontent
13.backchannel_logout_uri - Logout URL for backend
14.metadata - json format data which contain additional data such as:
1.background image
2.hotline - phone number
3.support email 
Step 4 - Working Flow
Sequence diagram
Make the login button.
Assuming step 2 & 3 is completed.
1.User click the login button on 3rd app
2.SDK it will generate code_verifier and code_challenge (from code_verifier).
3.SDK send authorization_code and code_challenge to /auth endpoint
GET https://oauth-qc.vinid.dev/oauth2/auth?client_id={client_id}&redirect_uri={callback_url}&response_type=code&scope={scope}&state={state}&code_challenge={code_challenge}&code_challenge_method=S256​
4.OneID redirect to OneID login form
5.User login and consent scope
6.OneID callback authorization_code to 3rd app
7.SDK call /token endpoint with authorization_code and code_verifier
8.OneID validate code_verifier
9.OneID return access_token, id_token & access_token
Get resource with authorization code
10. 3rd party app uses access_token to access resource server (ex: /userinfo endpoint).
11. Resource server return data.

Extra Data

Auth endpoint

Last modified 1yr ago

Export as PDF

Copy link

On this page

Step 1 - Determined the platform

Step 2 - Pick the SDK

Step 3 - Create Client

Step 4 - Working Flow

Make the login button.

Get resource with authorization code