This guide will tell you how to set up an application group that can be used by a group of SSO applications. The use case here is that two SSO applications A and B belonging to the same application group want to share tokens (i.e. Token generated by application A can be passed to application B, and application B can use the token by identifying itself as the calling application)
Setting Up the application group and adding applications
Creating an Application group
You must be logged into URS as a URS Admin in order to access these pages.
- Create an application group (available from the Admin Page)
Creating Applications and adding to the group
You must be logged into URS as a URS Admin in order to access these pages.
- Have the user register apps A and B just like they would normally.
- Application A (uid: app1, client_id: ABCD)
- Application B (uid: app2, client_id: XYZ)
- Go to the (SSO) App's page for both the applications (app1, app2) and you should see a tab called "Required Groups". From that page you can add the application group as required for the application.
Application ‘A’ generates a oauth token with value: HGJFKDAS for user 'urs_user', in the normal way by exchanging the authorization code for a token.
Application A can use its token in one of two ways to retrieve the user profile for ‘urs_user’
- It can send its own client_id as an additional parameter ‘client_id’ to the request
GET /api/users/urs_user?client_id=ABCD authorization: Bearer HGJFKDAS
- It can send its own client_id as an additional parameter ‘calling_application’ to the request
GET /api/users/urs_user?calling_application=ABCD authorization: Bearer HGJFKDAS
Application B can use Application A’s token to retrieve user profile for ‘urs_user’
- It can send its own client_id as an additional parameter ‘calling_application’ to the request
GET /api/users/urs_user?calling_application=XYZ authorization: Bearer HGJFKDAS