
SSO Single Sign-On API

Configuration parameters

In Settings->Site Settings->Access Permission, select Authorized Login, click "Setup", and fill in the configuration information:
 
After you fill in the above information, the SSO single sign-on option appears on the login interface.
 
Configuration parameter description:

| Configuration parameter | Required | Description | Example |
| --- | --- | --- | --- |
| Redirect address (Redirect_URL) | Yes | Site address | https://sso.company.com |
| Application ID (App ID) | Yes | Generated and provided by the enterprise | 9d8a121ce581499d |
| App Secret | Yes | Generated and provided by the enterprise | 698d59D8A1217b701668 |
| Scopes | No | For this parameter, refer to the documentation of the enterprise's own SSO service | |
| Authorization URL | Yes | For this address, refer to the documentation of the enterprise's own SSO service | https://sso.company.com/login/oauth/authorize |
| Access Token URL | Yes | For this address, refer to the documentation of the enterprise's own SSO service | https://sso.company.com/login/oauth/access_token |
| User Information URL (User Info URL) | Yes | For this address, refer to the documentation of the enterprise's own SSO service | https://sso.company.com/api/user |

 

Get the redirect address (Redirect_URL)

 

Business process

HTTP request process
Refer to the "business process diagram" above.

Step 2, the user's browser is redirected from the helplook site to the enterprise SSO login interface

Jump link: https://sso.company.com/oauth/authorize?client_id=9d8a121ce581499d&redirect_uri=https%3A%2F%2Fcompany.helplook.com%2Faccess&response_type=code&scope=public

 

Step 4, the user's browser is redirected from the enterprise SSO login interface to the helplook authorization callback interface

Jump link: https://company.helplook.com/access?code=9e7d0a6dea2e12e99df0

 

Step 5.1, the helplook backend obtains the user token from the SSO

| Request method | Request address |
| --- | --- |
| POST | https://sso.company.com/login/oauth/access_token |

Body type: application/json

| Parameter | Required | Description | Example |
| --- | --- | --- | --- |
| client_id | Yes | Application ID | 9d8a121ce581499d |
| client_secret | Yes | Application key | 698d59D8A1217b701668 |
| code | Yes | Pre-authorization code | 9e7d0a6dea2e12e99df0 |
| grant_type | Yes | Authorization type | code |

Response

{
	"access_token": "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",
	"token_type": "bearer",
	"scope": ""
}

 

Step 6, the helplook backend sends the token to the enterprise SSO to get user information

| Request method | Request address |
| --- | --- |
| GET | https://sso.company.com/api/user |

Body type: application/json

Request header: Authorization: Bearer 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

Response

{
	"nickname": "helplook",
	"open_id": 166786062,
	"avatar": "",
	"phone": "",
	"email": ""
}

| Parameter | Required | Description | Example |
| --- | --- | --- | --- |
| nickname | Yes | Nickname | helplook |
| open_id | Yes | Unique ID of enterprise-owned system user | 166786062 |
| avatar | No | Avatar | |
| phone | No | Mobile phone number | |
| email | No | Mailbox | |

 

Remarks: business exception response format

{
	"error": "Invalid authorization code",
	"error_description": "Incorrect or expired authorization code transmitted",
	"error_uri": ""
}
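
The enterprise side of steps 4, 5.1 and 6, as an added sketch that is not HelpLook's code or part of the original page: it checks the client credentials in constant time, makes each authorization code single-use and short-lived, and answers in the response and exception formats shown above. The function names, the 60-second code lifetime, the in-memory stores and every error string except "Invalid authorization code" are assumptions.

```python
import hmac, secrets, time

# Values below are the page's own examples; names and CODE_TTL are assumptions.
CLIENT_ID, CLIENT_SECRET = "9d8a121ce581499d", "698d59D8A1217b701668"
CODE_TTL = 60   # seconds an authorization code stays valid (assumed)
_codes = {}     # code -> (open_id, expiry time)
_tokens = {}    # access_token -> open_id
_users = {166786062: {"nickname": "helplook", "avatar": "", "phone": "", "email": ""}}

def _error(error, description):
    # Business exception format from the page's remarks.
    return {"error": error, "error_description": description, "error_uri": ""}

def _same(a, b):
    # Constant-time comparison so the secret cannot be guessed byte by byte.
    return hmac.compare_digest(str(a).encode(), str(b).encode())

def _clock(now):
    return time.time() if now is None else now

def issue_code(open_id, now=None):
    """Step 4: after login, create the value sent back as ?code=..."""
    code = secrets.token_hex(10)
    _codes[code] = (open_id, _clock(now) + CODE_TTL)
    return code

def access_token(body, now=None):
    """Step 5.1: handle the JSON body POSTed to the Access Token URL."""
    if body.get("grant_type") != "code":  # the page's example value
        return _error("Unsupported grant type", "grant_type must be code")
    if not (_same(body.get("client_id"), CLIENT_ID)
            and _same(body.get("client_secret"), CLIENT_SECRET)):
        return _error("Invalid client", "Unknown client_id or wrong client_secret")
    entry = _codes.pop(str(body.get("code")), None)  # pop: a code works once
    if entry is None or entry[1] < _clock(now):
        return _error("Invalid authorization code",
                      "Incorrect or expired authorization code transmitted")
    token = secrets.token_urlsafe(30)
    _tokens[token] = entry[0]
    return {"access_token": token, "token_type": "bearer", "scope": ""}

def user_info(authorization_header):
    """Step 6: handle GET on the User Info URL with a Bearer token."""
    scheme, _, token = authorization_header.partition(" ")
    open_id = _tokens.get(token) if scheme.lower() == "bearer" else None
    if open_id is None:
        return _error("Invalid token", "Missing or unknown bearer token")
    return {"open_id": open_id, **_users[open_id]}
```

Wire these functions to the Access Token URL and User Info URL in whatever web framework the enterprise SSO uses, and replace the dictionaries with a shared store if more than one process serves requests.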


Configuration example

Last modified: 2024-05-06