Redirecting Users to SSO

Learn how to properly redirect users to the authorization server

Authorization URL

End-users visit your service and have to be redirected to SSO in order for the to authenticate and authorize your service.

Redirection must be done through a properly constructed URI as specified by the OAuth v2 spec. TNG Identity SSO URI adds an additional parameter Template Definition ID that specifies what credential is asked of the client

Parameters must be sent in the query component of the URI using the application/x-www-form-urlencoded formatting.

Parameters

client_id, string

A Client ID

definition_id, string

The selected Template Definition ID

response_type, string

code

Indicates that the Authorization Code flow is used. SSO will return an authorization code to the callback URL.

redirect_uri, string

One of configured redirection or callback URIs for the client

Scope, string

A space-separated list of permissions the application is requesting.

Example:

openid vp_token

For now, only openid is supported, but we plan to extend in the future.

state, string

A client-generated, opaque value used to maintain request state between the authorization request and the callback.

Used to prevent CSRF attacks and to correlate the response with the originating request.

Example:

https://sso-authorization-ui.com/?client_id=client-id&definition_id=emailCredential&response_type=code&redirect_uri=https%3A%2F%2Fmy-service.com&scope=openid&state=oBNawHpnvy9xFffhgdgw

PreviousConfiguring Your Service NextAccepting Authorization Result

Last updated 3 months ago

hashtagAuthorization URL

hashtagParameters

Authorization URL

Parameters