SSO implementation

The implementation is based on OIDC (OpenID Connect), a thin identity layer on top of OAuth 2.0 that adds user authentication. We currently support the Authorization Code flow only.

If your identity provider already supports OAuth 2.0, minimal or no changes should be required: you may only have to configure the OAuth settings in the respective apps.

The following data is required and can be entered in the UI once SSO is enabled for your account.

• client_id
• client_secret
• authorization_endpoint 
• token_endpoint 
• userinfo_endpoint 
• scope (only if you need scopes beyond openid, email and profile)

Ensure your authorization_endpoint accepts requests and responds as per the OAuth 2.0/OIDC specifications listed in the References section below. The token_endpoint and userinfo_endpoint must also follow the specifications; otherwise the authentication flow will fail or behave incorrectly.

If you are implementing OIDC solely for our authentication, you only need to implement the Authorization Code flow parts of the specification and can skip the rest (this subset is also what many other apps support).
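The relying-party side of that Authorization Code flow, as an added example written for this page (it is not our product's code or your provider's). It builds the redirect to authorization_endpoint, checks the state on the callback, prepares the form body for token_endpoint and the Bearer header for userinfo_endpoint. The CONFIG values, the redirect_uri and the use of PKCE (RFC 7636) are assumptions; PKCE is an extra protection the page does not require, and a provider that does not support it will ignore the two code_challenge parameters. No network calls are made; the callback URL in the usage section is constructed.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical provider settings, using the same field names as the list above.
# All values are constructed placeholders; redirect_uri is assumed (the page does not name one).
CONFIG = {
    "client_id": "example-client-id",
    "client_secret": "example-client-secret",
    "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/token",
    "userinfo_endpoint": "https://idp.example.com/oauth2/userinfo",
    "scope": "openid email profile",
    "redirect_uri": "https://app.example.com/sso/callback",
}


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_pkce_pair():
    """PKCE (RFC 7636) verifier and S256 challenge; binds the code to this browser session."""
    verifier = _b64url(secrets.token_bytes(32))  # 43 unreserved characters
    challenge = _b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


def build_authorization_url(cfg, state, nonce, code_challenge):
    """Step 1: URL the browser is redirected to (OAuth 2.0 section 4.1.1, OIDC Core 3.1.2.1)."""
    params = {
        "response_type": "code",
        "client_id": cfg["client_id"],
        "redirect_uri": cfg["redirect_uri"],
        "scope": cfg["scope"],
        "state": state,  # CSRF protection, checked when the browser comes back
        "nonce": nonce,  # the provider must echo it inside the ID token
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return cfg["authorization_endpoint"] + "?" + urlencode(params)


def parse_callback(callback_url, expected_state):
    """Step 2: validate the redirect back to redirect_uri and extract the authorization code."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state, expected_state):
        raise ValueError("state mismatch: possible CSRF or replayed callback")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback is missing the authorization code")
    return code


def build_token_request(cfg, code, code_verifier):
    """Step 3: form body POSTed to token_endpoint (OAuth 2.0 section 4.1.3).
    Sent from the server only, because it carries client_secret."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": cfg["redirect_uri"],  # must equal the value used in step 1
        "client_id": cfg["client_id"],
        "client_secret": cfg["client_secret"],
        "code_verifier": code_verifier,
    }


def check_token_response(body):
    """Step 4: sanity-check the token_endpoint JSON before calling userinfo_endpoint.
    The id_token's signature, issuer, audience, expiry and nonce still have to be
    verified as described in OIDC Core 3.1.3.7 (not shown here)."""
    if "error" in body:
        raise ValueError("token endpoint error: " + str(body["error"]))
    if str(body.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    for key in ("access_token", "id_token"):
        if not body.get(key):
            raise ValueError("token response is missing " + key)
    return body["access_token"]


def userinfo_request_headers(access_token):
    """Step 5: the access token goes to userinfo_endpoint as a Bearer header (OIDC Core 5.3.1)."""
    return {"Authorization": "Bearer " + access_token, "Accept": "application/json"}


if __name__ == "__main__":
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    verifier, challenge = make_pkce_pair()
    print(build_authorization_url(CONFIG, state, nonce, challenge))
    # Constructed callback, as the provider would send it to redirect_uri.
    code = parse_callback(CONFIG["redirect_uri"] + "?code=SplxlOBeZQQYbYS6WxSbIA&state=" + state, state)
    print(build_token_request(CONFIG, code, verifier))
    print(userinfo_request_headers(check_token_response(
        {"token_type": "Bearer", "access_token": "at-example", "id_token": "idt-example"})))
```

The state and the PKCE verifier belong in the server-side session created in step 1, not in a cookie the browser could be tricked into replaying; steps 3 to 5 run on the server, never in the browser.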

User Info

Note: we recommend that the userinfo_endpoint return values as per the OIDC Standard Claims.

In addition to the standard claims, we also support the following additional keys in the response. These values may be used to update the user profile so that it stays in sync with your organisation. Although they are optional, we recommend providing them so that data is consistent across applications.

• username
• first_name
• last_name
• middle_name
• avatar
• email
• id
• user_id
• sso_id
• groups

The above list may expand in the future. When both are present, these values take precedence over the standard claims.

Email acts as the unique identifier, so ensure that email is always part of the userinfo_endpoint response. We also recommend providing a user_id or sso_id that uniquely identifies each user; this is particularly helpful when a user's email is changed in your organisation.

Ensure that the email address is verified on your side before SSO is enabled for a user, so that there are no email delivery failures and no spam users in the system.
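How the userinfo response above would be turned into a profile and matched to an existing account, as an added example written for this page (not our product's code). It applies the rules stated in this section: standard claims are mapped first, the additional keys override them, email is mandatory and normalised, and a provider-side identifier is preferred over email when matching accounts so that an email change does not create a duplicate user. The profile field names come from the list above; the id preference order (sso_id, then user_id, then id, then the standard sub claim), the rejection of an explicit email_verified=false, and the sample response are assumptions made for the example.

```python
import re

# Standard OIDC claims mapped onto the profile keys listed on this page.
STANDARD_CLAIM_TO_FIELD = {
    "preferred_username": "username",
    "given_name": "first_name",
    "family_name": "last_name",
    "middle_name": "middle_name",
    "picture": "avatar",
    "email": "email",
}
# Additional keys from the list above; when present they take precedence over the standard claims.
CUSTOM_FIELDS = ("username", "first_name", "last_name", "middle_name", "avatar", "email", "groups")
# Preference order for a stable identifier (assumed for this example; sub is the OIDC standard claim).
ID_KEYS = ("sso_id", "user_id", "id", "sub")

_EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed userinfo response: first_name overrides given_name, user_id is present,
# and the email differs in case from what the application stored.
SAMPLE_USERINFO = {
    "sub": "abc123",
    "given_name": "Ada",
    "family_name": "Lovelace",
    "email": "Ada@Example.com",
    "email_verified": True,
    "first_name": "Augusta",
    "user_id": "u-42",
    "groups": ["engineering"],
}


def profile_from_userinfo(info):
    """Build the application profile from a decoded userinfo_endpoint response."""
    if not isinstance(info, dict):
        raise ValueError("userinfo response must be a JSON object")
    profile = {}
    # 1. Standard claims first ...
    for claim, field in STANDARD_CLAIM_TO_FIELD.items():
        if info.get(claim) not in (None, ""):
            profile[field] = info[claim]
    # 2. ... then the additional keys, which override the standard ones.
    for field in CUSTOM_FIELDS:
        if info.get(field) not in (None, ""):
            profile[field] = info[field]
    # 3. Email is mandatory and is the fallback unique identifier; normalise it for matching.
    email = str(profile.get("email", "")).strip().lower()
    if not _EMAIL_RE.match(email):
        raise ValueError("userinfo response must include a valid email")
    if info.get("email_verified") is False:  # assumed policy: refuse an explicitly unverified email
        raise ValueError("provider reports the email address as unverified")
    profile["email"] = email
    # 4. Stable external id, preferred over email so that an email change keeps the same account.
    for key in ID_KEYS:
        if info.get(key) not in (None, ""):
            profile["external_id"] = str(info[key])
            break
    return profile


def resolve_account(accounts, profile):
    """Return the existing account for this profile: by external_id first, then by email."""
    ext = profile.get("external_id")
    if ext:
        for acct in accounts:
            if acct.get("external_id") == ext:
                return acct
    for acct in accounts:
        if acct.get("email") == profile["email"]:
            return acct
    return None


if __name__ == "__main__":
    profile = profile_from_userinfo(SAMPLE_USERINFO)
    print(profile)
    # Constructed account store: the user changed email but kept the same user_id.
    accounts = [{"external_id": "u-42", "email": "ada.old@example.com", "username": "ada"}]
    print(resolve_account(accounts, profile))
```

When resolve_account returns None, the application creates a new user from the profile; when it returns a match found by external_id whose email differs, the stored email is updated rather than a second account being created.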


References

  1. OAuth 2.0
  2. OIDC
  3. Sample implementation