OAuth 2.0 SSO setup guide

  • 15 May 2020

What is OAuth 2.0?

The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. The specification can be found in RFC 6749.

The inSided Community OAuth 2.0 scheme supports the Authorization Code Grant.

OAuth 2.0 Flow Representation

In order to understand how the OAuth 2.0 process integrates into the overall Community SSO architecture (i.e. Steps #1-3 in the diagram below) please see Single Sign-on (SSO): Getting Started.


  1. Community redirects the User to the Authorization URL with GET, attaching the Redirect URI, Client ID and Scope.

  2. Server authenticates the User and obtains consent/authorization.

  3. Server sends the User back to the Community Redirect URI, attaching the Authorization Code.

  4. Community requests a response with the Access Token in JSON format at the Token URL with POST (application/x-www-form-urlencoded), attaching the Authorization Code, Redirect URI, Client ID and Client Secret as parameters.

  5. Community requests a response with the Profile data in JSON format at the User Info URL with GET, attaching the Access Token and Client ID as parameters. If the Pass token in Authorization Bearer option is enabled, the Access Token is additionally sent as an Authorization: Bearer header.

The Redirect URI is generated by Community automatically.

After retrieving the Profile data, Community starts Step #3 of Community Single Sign-on.
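The five steps above, written out as the client (Community) side of the exchange. This is an added illustration, not inSided's code: the endpoint URLs, Redirect URI and credentials are constructed placeholders, and the `state` parameter (which the RFC recommends so a callback can be tied to the login that started it; generate it with `secrets.token_urlsafe`) is an addition that the page's own step list does not mention. The functions only build the requests, so the block runs offline.

```python
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical server endpoints and client credentials (constructed, not inSided's).
AUTHORIZATION_URL = "https://idp.example.com/oauth/authorize"
TOKEN_URL = "https://idp.example.com/oauth/token"
USER_INFO_URL = "https://idp.example.com/oauth/userinfo"
REDIRECT_URI = "https://community.example.com/ssoproxy/oauth2/callback"  # placeholder
CLIENT_ID, CLIENT_SECRET = "community-client", "s3cr3t"

def _append_query(url, params):
    sep = "&" if urlparse(url).query else "?"
    return f"{url}{sep}{urlencode(params)}"

def build_authorization_url(scope, state):
    # Step 1: GET redirect carrying redirect_uri, client_id and scope. 'state' is an
    # unguessable per-login value (not on the page) that the callback must echo back.
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "state": state}
    if scope:
        params["scope"] = scope
    return _append_query(AUTHORIZATION_URL, params)

def parse_callback(callback_url, expected_state):
    # Step 3: the server returns the user with ?code=...; reject a callback whose
    # state does not match the one issued in step 1, and surface server errors.
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback does not belong to this login")
    if "error" in query:
        raise ValueError(f"authorization server error: {query['error'][0]}")
    return query["code"][0]

def build_token_request(code):
    # Step 4: form-encoded POST to the Token URL with code, redirect_uri, client_id
    # and client_secret (grant_type=authorization_code is required by RFC 6749).
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
                      "client_secret": CLIENT_SECRET})
    return {"method": "POST", "url": TOKEN_URL,
            "headers": {"Content-Type": "application/x-www-form-urlencoded"}, "body": body}

def build_user_info_request(access_token, pass_token_in_bearer):
    # Step 5: GET the User Info URL with access_token and client_id as parameters and,
    # when the option is enabled, the token again as an Authorization: Bearer header.
    url = _append_query(USER_INFO_URL, {"access_token": access_token, "client_id": CLIENT_ID})
    headers = {"Authorization": f"Bearer {access_token}"} if pass_token_in_bearer else {}
    return {"method": "GET", "url": url, "headers": headers}
```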


How to Configure OAuth 2.0 on inSided


Server configuration

  • Set up an OAuth 2.0 compatible Server with the following endpoints:
    • Authorization Endpoint
    • Access Token Endpoint
    • User Info Endpoint

Community (inSided) configuration

  1. Log in to Control as an Administrator
  2. Go to Integrations > SSO > OAuth 2.0
  3. Fill in the following fields:
    1. Authorization URL
    2. Client ID*
    3. Client Secret*
    4. Issuer*
    5. Token Url*
    6. User Info Url*
    7. Scope
    8. Pass token in Authorization Bearer
      * Indicates required fields
  4. Press Install

Once you’ve installed your configuration, we recommend using the built-in inSided SSO testing tool before you enable SSO for end users, to make sure everything is working as expected.


Permissions required to configure OAuth 2.0 on inSided

You must have a community account with the ‘Administrator’ permission in order to configure OAuth 2.0 SSO on inSided.


1 reply

@Frank Is there a way to invalidate the password-based login if OAuth is used to sign in to an unverified account?
