
Using SSO connect in the oAuth 2 flow

Diagram
Integrator related steps of the sequence diagram
1. Request access
On page load check if the user is logged in
Allow the user to log in.
6. Returns to site with authorization code
7. Request access token
8. Returns access token
9. Authorized or not
10. Return authorized or not
A. Refresh access token (not used in SSO Connect)
B. Returns of refreshing access token (not used in SSO Connect)

Diagram

Integrator related steps of the sequence diagram


1. Request access
This phase actually consists of two steps:

On page load check if the user is logged in


You can do this with the hidden iframe implementation.

Hidden IFrame
// This will translate the messages the SP has sent.
// Defined before connect() so the callback is not undefined when it is passed in.
var handleResponse = function (message) {
    // And here you can do something with the messages
    console.log(message);
};

var mySSOInit = new ssoConnect();
// This will create the hidden iFrame from which the SP will broadcast the messages.
// The connect function exposes an onMessage function, from which you can handle the response.
mySSOInit.connect({
    onMessage: handleResponse
});

Allow the user to log in.


For this, you will use the visible iframe with the hash set to '/'.

Visible IFrame
// This will translate the messages the SP has sent.
// Defined before connect() so the callback is not undefined when it is passed in.
var handleResponse = function (message) {
    // And here you can do something with the messages
    console.log(message);
};

var mySSOiFrame = new ssoConnect();
// Create the iFrame inside a specified container, this will make the iframe visible.
// The connect function exposes an onMessage function, from which you can handle the response.
mySSOiFrame.connect({
    container: 'containerId',         // ID of the html element where the iframe should be added
    clientId: 'caps-hln-1234',        // Service ID for your specific service
    redirectUri: 'http://www.hln.be', // Url to which the app should redirect => is linked with the service ID
    hash: '/',                        // Load the blackbox of the login flow
    onMessage: handleResponse
});

6. Returns to site with authorization code


We actually provide two return points with SSO Connect:
1. The "normal" flow that redirects to the redirect url (See Directly use oAuth 2.)
2. The onMessage callback that happens with an event ssoLoggedIn

7. Request access token


The redirect that happens still handles receiving the access token, so this is entirely the same as Directly use oAuth 2.

8. Returns access token


Entirely the same as Directly use oAuth 2.

9. Authorized or not
The call to see if the user is authorized or not is the same as Directly use oAuth 2.

10. Return authorized or not


If the user is not authorized, you can execute the same logic as in step 1, "Allow the user to log in".
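
The following is an added example, not code from the SSO Connect library or from this page. It treats the ssoLoggedIn message of step 6 as a signal only, lets the authorization call of step 9 decide, and falls back to the login iframe as step 10 describes. The message shape ({ event: 'ssoLoggedIn' }, as an object or a JSON string) and the checkAuthorized, onAuthorized and showLogin helpers are assumptions.

```javascript
// Added example. Assumed message shape: { event: 'ssoLoggedIn' }, delivered as
// an object or a JSON string. The page names the event but not the payload.
var KNOWN_EVENTS = ['ssoLoggedIn'];

// Returns the parsed message, or null for anything malformed or unknown.
function parseMessage(message) {
    var data = message;
    if (typeof message === 'string') {
        try {
            data = JSON.parse(message);
        } catch (e) {
            return null;
        }
    }
    if (!data || typeof data !== 'object' || typeof data.event !== 'string') {
        return null;
    }
    return KNOWN_EVENTS.indexOf(data.event) === -1 ? null : data;
}

// deps.checkAuthorized(callback): hypothetical helper that performs the step 9
//   call and invokes callback(true|false).
// deps.onAuthorized(): hypothetical helper that renders the logged-in state.
// deps.showLogin(): hypothetical helper that opens the visible iframe (step 1).
function createHandleResponse(deps) {
    return function handleResponse(message) {
        var data = parseMessage(message);
        if (data === null) {
            return false; // ignored: nothing is trusted from this message
        }
        // The client-side event never grants access by itself; the result of
        // the authorization call does.
        deps.checkAuthorized(function (authorized) {
            if (authorized) {
                deps.onAuthorized();
            } else {
                deps.showLogin();
            }
        });
        return true;
    };
}
```

Pass the function returned by createHandleResponse as the onMessage option of connect().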

A. Refresh access token (not used in SSO Connect)


Since on a website we handle the "session" differently than in an app, we don't need to use the refresh tokens.

B. Returns of refreshing access token (not used in SSO Connect)


Since on a website we handle the "session" differently than in an app, we don't need to use the refresh tokens.
