
Single sign-on (SSO)

Single sign-on (SSO) is an authentication method that lets users authenticate securely to multiple applications and websites with a single set of credentials. In simple words, the SSO authentication process allows a user to access multiple applications with one set of login credentials. With SSO, a user logs in once and gains access to different applications without re-entering login credentials at each one. SSO has several advantages, including:

  • Eliminates credential re-authentication and help-desk requests, improving productivity.
  • Enhances the end-user experience by making login quick and simple.
  • Streamlines local and remote application and desktop workflows.
  • Limits the possibility of phishing.
  • Improves compliance through a centralized database.
  • Provides detailed user access reporting.

Implementation

Follow the steps given below to implement the SSO functionality:

Client registration

  • Log in to your StoreHippo Admin Panel.
  • Go to the OAuth client section.
  • Click the Add New button to add a new client.
  • A form with multiple fields will open.
  • In the Name field, provide the name, and in the Redirect Url field, enter the URL to which the user should be redirected.
  • Select the Skip User Auth field if you want to skip the authorization screen for users who have already authorized the client. When this field is enabled, the auth screen will not open again for a user who has already authorized.
  • Click the Save button to create the OAuth client.
  • The OAuth client is now created. The Client id and Client secret are generated automatically.

Authorization route

  • Once the OAuth client is created, the authorization route is available. The authorization route has the form - <Store URL>/oauth/auth/?client_secret=<client_secret>&client_id=<client_id>&scope=public_profile&response_type=code&redirect_uri=<Entered Redirect URL>
  • Here, supply the client ID and client secret you received when creating the OAuth client, and the redirect URL you entered.
  • This opens the authorization popup.
  • The user has to give consent for "Permissions Asked For Read Public Profile"; once the user gives consent, the authorization is successful.
  • After successful authorization, the browser is redirected to redirect_uri with code and state. The redirect URI will look like - <Redirect URI>/?code=WQk3StB4OKbBpzkrhBT4&state=M3fUpGYLiW

Sending POST request to get access token

  • Once the authorization is successful, a POST request is sent to obtain the access token. The POST request URL will be - <store URL>/oauth/access_token.
  • The "body" of the POST request will contain:
{
"client_id":"SZkwtFyrg82hMtOmSdyFUh9HA",
"client_secret":"Am0bbkfueQCrRLjS5nOwSNeEn",
"code":"ABtgOtZ6QQzkB2WEa51Z",
"state":"UlATt",
"redirect_uri":"https://www.sportscart.com",
"grant_type":"authorization_code"
}
  • After sending the POST request, you will receive an access token, a refresh token, and the time in which the tokens expire:
{
"access_token": " ",
"refresh_token": " ",
"expiresIn": " "
}

Getting user profile

  • To get the user profile, send a GET request with the received access token.
  • The user info URL will be - <Store URL>/oauth/user/userinfo?access_token=<access Token you received>

The user profile is then returned.
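The four steps above (authorization route, redirect callback, token POST, user info URL) as one client-side walk-through, added here as an example and not StoreHippo's own code; the store URL, client id, client secret and redirect URI are constructed placeholders, and the HTTP transport is injected so the flow can be exercised without a live store.

```python
import json
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholders; substitute the values from your Admin Panel.
STORE_URL = "https://store.example"            # <Store URL>
CLIENT_ID = "CLIENT_ID_PLACEHOLDER"
CLIENT_SECRET = "CLIENT_SECRET_PLACEHOLDER"
REDIRECT_URI = "https://app.example/callback"  # the Redirect Url you registered

def authorization_url():
    """Authorization route from the page. It carries client_secret in the
    query string, so build it server-side and keep it out of logs."""
    params = {"client_secret": CLIENT_SECRET, "client_id": CLIENT_ID,
              "scope": "public_profile", "response_type": "code",
              "redirect_uri": REDIRECT_URI}
    return f"{STORE_URL}/oauth/auth/?{urlencode(params)}"

def parse_callback(callback_url):
    """Pull code and state out of the redirect; reject a callback that did
    not land on the registered redirect URI or that lacks either value."""
    got, want = urlparse(callback_url), urlparse(REDIRECT_URI)
    same = (got.scheme, got.netloc, got.path.rstrip("/")) == \
           (want.scheme, want.netloc, want.path.rstrip("/"))
    if not same:
        raise ValueError("callback arrived on an unexpected redirect URI")
    q = parse_qs(got.query)
    if "code" not in q or "state" not in q:
        raise ValueError("callback lacks code or state")
    return q["code"][0], q["state"][0]

def token_request_body(code, state):
    """JSON body for POST <Store URL>/oauth/access_token, as on the page."""
    return {"client_id": CLIENT_ID, "client_secret": CLIENT_SECRET,
            "code": code, "state": state, "redirect_uri": REDIRECT_URI,
            "grant_type": "authorization_code"}

def exchange_code(code, state, post):
    """post(url, body_dict) -> response text is a transport you supply (e.g. a
    wrapper around requests.post); injecting it keeps the flow testable."""
    raw = post(f"{STORE_URL}/oauth/access_token", token_request_body(code, state))
    token = json.loads(raw)
    missing = [k for k in ("access_token", "refresh_token", "expiresIn") if k not in token]
    if missing:
        raise ValueError(f"token response missing {missing}")
    return token

def userinfo_url(access_token):
    """User info route from the page; send the token over HTTPS only."""
    return f"{STORE_URL}/oauth/user/userinfo?{urlencode({'access_token': access_token})}"
```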

2021-03-09T12:52:35.505Z