What is OAuth 2.0?
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. The specification can be found here.
The inSided Community OAuth 2.0 scheme supports Authorization Code Grant.
OAuth 2.0 Flow Representation
In order to understand how the OAuth 2.0 process integrates into the overall Community SSO architecture (i.e. Steps #1-3 in the diagram below) please see Single Sign-on (SSO): Getting Started.
- Community redirects the User to the Authorization URL with GET, attaching the Redirect Uri, Client ID and Scope.
- Server authenticates the User and obtains consent/authorization.
- Server sends the User back to the Community Redirect Uri, attaching the Authorization Code.
- Community requests a response with the Access Token in JSON format at the Token URL with POST (application/x-www-form-urlencoded), attaching the Authorization Code, Redirect URI, Client ID and Client Secret as parameters.
- Community requests a response with the Profile data in JSON format at the User Info URL with GET, attaching the Access Token and Client ID as parameters and, if the "Pass token in Authorization Bearer" option is enabled, additionally sending the Access Token as an Authorization Bearer header.
The Redirect Uri is generated by Community automatically.
After retrieving the Profile data, Community starts Step 3 of Community Single Sign-on.
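The five steps above, written out as request construction in an added example (not inSided's own code): the endpoint URLs, client credentials, Redirect Uri and the pass-token option are constructed placeholders standing in for the Control fields, and `response_type=code` / `grant_type=authorization_code` are the standard OAuth 2.0 parameter values for the Authorization Code grant.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed configuration mirroring the Control fields (placeholder values).
CONFIG = {
    "authorization_url": "https://idp.example.test/oauth/authorize",
    "token_url": "https://idp.example.test/oauth/token",
    "user_info_url": "https://idp.example.test/oauth/userinfo",
    "client_id": "community-client",
    "client_secret": "example-secret",
    "scope": "profile email",
    # Placeholder for the Redirect Uri that Community generates automatically.
    "redirect_uri": "https://community.example.test/oauth2/callback",
    "pass_token_in_bearer": True,
}

def build_authorization_redirect(cfg):
    """Step 1: GET redirect to the Authorization URL with Redirect Uri, Client ID, Scope."""
    params = {"response_type": "code", "client_id": cfg["client_id"],
              "redirect_uri": cfg["redirect_uri"], "scope": cfg["scope"]}
    return f"{cfg['authorization_url']}?{urlencode(params)}"

def extract_code(callback_url, cfg):
    """Step 3: the Server sends the User back with ?code=...; only accept the
    code if it arrived at the configured Redirect Uri."""
    parts = urlsplit(callback_url)
    if parts._replace(query="", fragment="").geturl() != cfg["redirect_uri"]:
        raise ValueError("callback did not arrive at the configured Redirect Uri")
    query = parse_qs(parts.query)
    if "code" not in query:
        raise ValueError(query.get("error", ["missing authorization code"])[0])
    return query["code"][0]

def build_token_request(code, cfg):
    """Step 4: POST form-urlencoded to the Token URL; the Client Secret travels
    only in this back-channel request body, never in a browser redirect."""
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": cfg["redirect_uri"],
                      "client_id": cfg["client_id"],
                      "client_secret": cfg["client_secret"]})
    return {"method": "POST", "url": cfg["token_url"], "body": body,
            "headers": {"Content-Type": "application/x-www-form-urlencoded"}}

def build_user_info_request(access_token, cfg):
    """Step 5: GET the User Info URL with access_token and client_id as
    parameters, plus an Authorization: Bearer header when the option is enabled."""
    params = urlencode({"access_token": access_token, "client_id": cfg["client_id"]})
    headers = {"Accept": "application/json"}
    if cfg["pass_token_in_bearer"]:
        headers["Authorization"] = f"Bearer {access_token}"
    return {"method": "GET", "url": f"{cfg['user_info_url']}?{params}", "headers": headers}
```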
How to Configure OAuth 2.0 on inSided
Server configuration
- Set up an OAuth 2.0 compatible Server with the following endpoints:
  - Authorization Endpoint
  - Access Token Endpoint
  - User Info Endpoint
Community (inSided) configuration
- Log in to Control as an Administrator
- Go to Integrations > SSO > OAuth 2.0
- Fill in the following fields:
  - Authorization URL*
  - Client ID*
  - Client Secret*
  - Issuer*
  - Token Url*
  - User Info Url*
  - Scope
  - Pass token in Authorization Bearer
  * Indicates required fields
- Press Install
Once you’ve installed your configuration, we recommend using the built-in inSided SSO testing tool before you enable SSO for end users, to make sure everything is working as expected.
Permissions required to configure OAuth 2.0 on inSided
You must have a community account with the ‘Administrator’ permission in order to configure OAuth 2.0 SSO on inSided.