Single Sign On (SSO) using OAuth

Xecurify allows an end user to log in to our portal, with the approval of the resource owner (the end user), using their Google, Facebook or Twitter account.

OAuth

OAuth (Open Authorization) is an open standard for token-based authentication and authorization.

OAuth allows an end user's account information to be used by third-party services, such as Facebook, without exposing the user's password. It acts as an intermediary on behalf of the end user, providing the service with an access token that authorizes specific account information to be shared.

The following example shows how to implement OAuth as a Consumer:

  • REGISTER YOUR APP

    Create an App in any OAuth Provider such as Facebook or Twitter. After registering your application, you will receive a Consumer Key, which identifies you to the OAuth Provider. You will also receive a Consumer Secret, which is required when asking for a Request Token. Save the Consumer Key and Consumer Secret so that you can use them in your code as required.

  • GET A REQUEST TOKEN

    The Xecurify Authentication Service requests a Request Token. The Request Token is a temporary token used to initiate User authorization for your application. The Request Token tells the OAuth Provider that you've obtained User approval, but it must be exchanged, along with the OAuth Verifier, for an Access Token.

  • GET USER PERMISSION TO ACCESS DATA

    After getting the Request Token from the OAuth Provider, the Xecurify Authentication Service presents your Users with an authorization page asking them to give permission to our application to access their data. The authorization page only asks for permission to a limited amount of User data, based on the access scopes you specified during the initial registration process.

  • EXCHANGE THE REQUEST TOKEN AND OAUTH VERIFIER FOR AN ACCESS TOKEN

    After the users authorize the Xecurify Authentication Service to access their information, our application needs to exchange the approved Request Token for an Access Token, which tells the OAuth Provider that the Xecurify Authentication Service has been given authorization to access User data.

  • AUTHENTICATE THE USER

    After obtaining the user's information with the Access Token, the service queries the Xecurify Authentication Service end-user database. If the user already exists in the database, it redirects to the user's Self Service Console. If the user does not exist in the end-user database, it redirects back to the Login Page.
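The five steps above correspond to the three-legged OAuth 1.0a flow (Request Token, user authorization with an OAuth Verifier, Access Token). As an added example, not Xecurify's own code, the Python below simulates that flow end to end with a small in-memory Provider standing in for Twitter or Facebook and a Consumer playing the role of the authentication service. Requests are signed with HMAC-SHA1 as RFC 5849 specifies, and the Provider checks the signature, rejects replayed nonces and stale timestamps, and treats each Request Token and Verifier as single use. The endpoint URLs, the callback URL and the user database are constructed for the example.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote

# Constructed endpoints standing in for a real provider's OAuth URLs (assumption).
REQUEST_TOKEN_URL = "https://provider.example/oauth/request_token"
ACCESS_TOKEN_URL = "https://provider.example/oauth/access_token"
USER_INFO_URL = "https://provider.example/1/account/verify_credentials"

def pct(value):
    """RFC 5849 percent-encoding: only unreserved characters are left bare."""
    return quote(str(value), safe="-._~")

def signature_base_string(method, url, params):
    """METHOD & enc(URL) & enc(sorted encoded params); oauth_signature itself is excluded."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items() if k != "oauth_signature")
    return "&".join([method.upper(), pct(url), pct("&".join(f"{k}={v}" for k, v in pairs))])

def hmac_sha1_signature(method, url, params, consumer_secret, token_secret=""):
    # Signing key is enc(consumer_secret)&enc(token_secret); token_secret is empty in step 2.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, signature_base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

class Provider:
    """In-memory OAuth 1.0a server: registers apps, issues and checks tokens."""
    def __init__(self):
        self.consumers, self.request_tokens, self.access_tokens = {}, {}, {}
        self.seen_nonces = set()

    def register_app(self):  # Step 1: hand out the Consumer Key and Consumer Secret
        key, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.consumers[key] = secret
        return key, secret

    def _verify(self, method, url, params, token_secret):
        consumer_secret = self.consumers.get(params.get("oauth_consumer_key"))
        if consumer_secret is None:
            raise PermissionError("unknown consumer key")
        if abs(time.time() - int(params["oauth_timestamp"])) > 300:
            raise PermissionError("stale timestamp")
        if params["oauth_nonce"] in self.seen_nonces:
            raise PermissionError("nonce reused (replay)")
        expected = hmac_sha1_signature(method, url, params, consumer_secret, token_secret)
        if not hmac.compare_digest(expected, params["oauth_signature"]):
            raise PermissionError("bad signature")
        self.seen_nonces.add(params["oauth_nonce"])

    def request_token(self, method, url, params):  # Step 2
        self._verify(method, url, params, "")
        token, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.request_tokens[token] = {"secret": secret, "verifier": None, "user": None}
        return token, secret

    def authorize(self, token, user_id):  # Step 3: the user consents on the provider's page
        rec = self.request_tokens[token]
        rec["verifier"], rec["user"] = secrets.token_hex(8), user_id
        return rec["verifier"]

    def access_token(self, method, url, params):  # Step 4
        rec = self.request_tokens.get(params["oauth_token"])
        if rec is None or rec["verifier"] is None:
            raise PermissionError("request token unknown or not yet authorized")
        self._verify(method, url, params, rec["secret"])
        if not hmac.compare_digest(rec["verifier"], params["oauth_verifier"]):
            raise PermissionError("verifier mismatch")
        del self.request_tokens[params["oauth_token"]]  # request tokens are single use
        token, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.access_tokens[token] = {"secret": secret, "user": rec["user"]}
        return token, secret

    def user_info(self, method, url, params):  # protected resource, needs the Access Token
        rec = self.access_tokens[params["oauth_token"]]
        self._verify(method, url, params, rec["secret"])
        return {"id": rec["user"]}

class Consumer:
    """The application side, i.e. the role the authentication service plays."""
    def __init__(self, provider, key, secret, callback="https://app.example/oauth/callback"):
        self.provider, self.key, self.secret, self.callback = provider, key, secret, callback

    def signed_params(self, method, url, extra, token_secret=""):
        params = {"oauth_consumer_key": self.key, "oauth_nonce": secrets.token_hex(8),
                  "oauth_timestamp": str(int(time.time())), "oauth_signature_method": "HMAC-SHA1", **extra}
        params["oauth_signature"] = hmac_sha1_signature(method, url, params, self.secret, token_secret)
        return params

    def login(self, user_id, user_db):  # Steps 2 to 5; returns where the end user is sent
        p = self.provider
        rt, rt_secret = p.request_token("POST", REQUEST_TOKEN_URL, self.signed_params(
            "POST", REQUEST_TOKEN_URL, {"oauth_callback": self.callback}))
        verifier = p.authorize(rt, user_id)  # really a browser round trip via the callback URL
        at, at_secret = p.access_token("POST", ACCESS_TOKEN_URL, self.signed_params(
            "POST", ACCESS_TOKEN_URL, {"oauth_token": rt, "oauth_verifier": verifier}, rt_secret))
        info = p.user_info("GET", USER_INFO_URL, self.signed_params(
            "GET", USER_INFO_URL, {"oauth_token": at}, at_secret))
        return "/self-service-console" if info["id"] in user_db else "/login"
```

`Consumer.login` returns the redirect target from step 5: the Self Service Console when the identity returned by the provider is already in the local end-user set, the Login Page otherwise. Because the Consumer signs every request with the secret that matches the current leg (none, the Request Token secret, then the Access Token secret), any change to a signed parameter after signing, such as a rewritten callback URL, is rejected by the provider with a signature failure.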