
This guide explains how to set up an application group that can be used by a group of SSO applications. The use case is two SSO applications, A and B, that belong to the same application group and want to share tokens (i.e., a token generated by application A can be passed to application B, and application B can use the token by identifying itself as the calling application).

Setting Up the application group and adding applications

Creating an Application group

You must be logged into URS as a URS Admin in order to access these pages.

  1. Create an application group (available from the Admin Page).

Creating Applications and adding to the group

You must be logged into URS as a URS Admin in order to access these pages.

  1. Have the user register apps A and B just like they would normally.
    1. Application A (uid: app1, client_id: ABCD)
    2. Application B (uid: app2, client_id: XYZ)
  2. Go to the (SSO) App's page for each of the applications (app1, app2); you should see a tab called "Required Groups". From that tab you can add the application group as required for the application.

Application ‘A’ generates an OAuth token with value HGJFKDAS for user 'urs_user' in the normal way, by exchanging the authorization code for a token.

Application A can use its token in one of two ways to retrieve the user profile for ‘urs_user’:

  • It can send its own client_id as an additional parameter ‘client_id’ in the request:
        GET /api/users/urs_user?client_id=ABCD
        Authorization: Bearer HGJFKDAS
  • It can send its own client_id as an additional parameter ‘calling_application’ in the request:
        GET /api/users/urs_user?calling_application=ABCD
        Authorization: Bearer HGJFKDAS


Application B can use Application A’s token to retrieve the user profile for ‘urs_user’:

  • It can send its own client_id as an additional parameter ‘client_id’ in the request:
        GET /api/users/urs_user?client_id=XYZ
        Authorization: Bearer HGJFKDAS
  • It can send its own client_id as an additional parameter ‘calling_application’ in the request:
        GET /api/users/urs_user?calling_application=XYZ
        Authorization: Bearer HGJFKDAS


Note: the calling_application parameter will be deprecated in future EDL releases. It is currently being maintained for backwards compatibility.
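
The sharing rule described above can be read as an authorization decision. The following is an added example, a simplified model and not URS/EDL code. The group name `shared_group`, the out-of-group client `OTHER`, the rule that `client_id` takes precedence over `calling_application`, and the reject-when-no-caller-is-named behaviour are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample data mirroring the page: ABCD (app1) and XYZ (app2) share a
# group; OTHER is a hypothetical registered client that is not in the group.
APP_GROUPS = {"ABCD": {"shared_group"}, "XYZ": {"shared_group"}, "OTHER": set()}
TOKENS = {"HGJFKDAS": {"issued_to": "ABCD", "user": "urs_user"}}


def caller_client_id(query):
    """Return the caller's client_id; client_id wins over the deprecated name."""
    for name in ("client_id", "calling_application"):
        values = query.get(name)
        if values:
            return values[0]
    return None


def authorize(request_target, authorization_header):
    """Model of the sharing rule: returns (allowed, reason) for a profile request."""
    scheme, _, token = authorization_header.partition(" ")
    record = TOKENS.get(token.strip()) if scheme.lower() == "bearer" else None
    if record is None:
        return False, "unknown or malformed bearer token"

    parts = urlsplit(request_target)
    requested_user = parts.path.rsplit("/", 1)[-1]
    if requested_user != record["user"]:  # assumption: token is bound to its user
        return False, "token does not belong to requested user"

    caller = caller_client_id(parse_qs(parts.query))
    if caller is None:  # assumption: fail closed when no caller is named
        return False, "caller did not identify itself"
    if caller not in APP_GROUPS:
        return False, "unregistered client_id"
    if caller == record["issued_to"]:
        return True, "token used by issuing application"
    if APP_GROUPS[caller] & APP_GROUPS[record["issued_to"]]:
        return True, "token shared within application group"
    return False, "caller and issuer share no application group"


if __name__ == "__main__":
    for target in ("/api/users/urs_user?client_id=ABCD",
                   "/api/users/urs_user?calling_application=XYZ",
                   "/api/users/urs_user?client_id=OTHER"):
        print(target, "->", authorize(target, "Bearer HGJFKDAS"))
```

In this model, removing XYZ from the group in `APP_GROUPS` turns the second request into a denial, which is the property to verify when reviewing which applications have been added to a group.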