If you wish to use a third-party client library or write your own client, you can use our endpoints directly to authenticate users on your website or application.
This page contains detailed information about the OpenID Connect endpoints that miniOrange exposes on its authorization servers.
For OAuth endpoints, see https://developers.miniorange.com/docs/idp/api/oauth-api.
You should have an account on the application where you want to single sign-on.
Steps to integrate miniOrange SSO API for OpenID Connect
You just need to make two calls:
1. One GET request to the Authorization endpoint.
2. One POST request to get the access_token and id_token (the id_token contains information about the end-user).
Now you just need to verify the JWT token and parse user info with the help of that id_token.
You need to send a GET request to the authorization endpoint.
Create a REST service or similar on your application to handle the response from the Authorization Endpoint.
This API helps you to obtain the code parameter after the user authenticates with the account credentials using an authorization grant.
GET (browser redirect)
client_id (Client ID obtained from miniOrange)
Callback URL of your application
openid/ email/ profile (scope of authorization or level of access)
You will receive a code that you have to use in exchange for the token in the next API call.
A value to be returned in the token. The client application can use it to remember the state of its interaction with the end-user at the time of the authentication call.
// Import the miniOrange API (copy all the JAR files into a lib folder and add them to the build path).
// Step 1: Make a token request using the code and state parameters received on the redirect URI.
String token = AuthServerRequest.sendTokenRequest(code, state);
// Example string token JSON:
// Step 2: OPTIONAL. Validate the id_token on your side.
// <Your Java code for validating id_token from the JWK set>
// Step 3: Make a user_info request. Fetch access_token from the JSON string token received in Step 1.
String user_info = AuthServerRequest.sendUserInfoRequest(access_token);
// Example user info JSON:
return user_info; // Proceed with your login flow using the user_info scopes.
Getting Access Token and JWT Token
You need to make a POST request to the token endpoint.
Contains user attributes and a signature, which you have to validate with the provided public certificate.
Valid for 1 hour and can be used to access user info or other endpoints until it expires.
id_token contains the following JSON attributes:
https URI that indicates the issuer
identifier of the user at the issuer
client_id of the requesting client
the nonce parameter value received from the client
expiration time of this token
time when this token was issued
time the authentication happened
the first half of a hash of the access token
Verify JWT token and parse user details for SSO
On your Callback endpoint, you can read and parse the JWT token (User info). Structure of JSON Web Token (JWT): JSON Web Tokens consist of three parts separated by dots (.), for example xxxx.yyyyyyyyyyyy.zzzzzz, which are:
(a). Header: Contains the name of the signature algorithm used to sign the payload.
(b). Payload: Contains user attributes.
(c). Signature: Signature value of the payload.
Payload in the JWT token contains the following attributes:
Email of the user
Contact number of the user
Full name of the user
You will need to download a certificate from App > Manage Apps by clicking the Certificate link against your configured application. This certificate is used for signature validation of the JWT response.
Once you have the user info JSON, you can initiate your login by passing the email/username information to your local authentication functionality.
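The verification described above, as an added example in Node.js (not miniOrange's own code): it checks the id_token signature against the application's certificate or public key, then the iss, aud, exp, nonce and at_hash values. RS256 signing, the issuer URL, client ID, nonce, access token and the throwaway key pair are assumptions constructed for the demo.

```javascript
const crypto = require("node:crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const decodePart = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));
// at_hash: base64url of the left half of SHA-256(access_token), as used with RS256.
const atHash = (accessToken) =>
  b64url(crypto.createHash("sha256").update(accessToken, "ascii").digest().subarray(0, 16));

// Verifies signature and claims; returns the payload or throws on the first failed check.
// `key` may be the PEM certificate downloaded for the app, a PEM public key, or a KeyObject.
function verifyIdToken(idToken, key, expected) {
  const { issuer, clientId, nonce, accessToken, now = Math.floor(Date.now() / 1000) } = expected;
  const parts = idToken.split(".");
  if (parts.length !== 3) throw new Error("malformed JWT");
  const [h, p, s] = parts;
  // Pin the algorithm (RS256 assumed here) instead of trusting the header's choice.
  if (decodePart(h).alg !== "RS256") throw new Error("unexpected alg");
  const signed = Buffer.from(`${h}.${p}`, "ascii");
  if (!crypto.verify("sha256", signed, key, Buffer.from(s, "base64url")))
    throw new Error("bad signature");
  const claims = decodePart(p);
  if (claims.iss !== issuer) throw new Error("iss mismatch");
  if (![].concat(claims.aud).includes(clientId)) throw new Error("aud mismatch");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("token expired");
  if (claims.nonce !== nonce) throw new Error("nonce mismatch");
  if (accessToken !== undefined && claims.at_hash !== atHash(accessToken))
    throw new Error("at_hash mismatch");
  return claims;
}

// Constructed sample data: a throwaway key pair stands in for the provider's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
function signSample(claims, header = { alg: "RS256", typ: "JWT" }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${b64url(crypto.sign("sha256", Buffer.from(input, "ascii"), privateKey))}`;
}
const expected = { issuer: "https://idp.example.test", clientId: "demo-client",
  nonce: "constructed-nonce", accessToken: "constructed-access-token" };
const sampleClaims = { iss: expected.issuer, sub: "user-123", aud: expected.clientId,
  nonce: expected.nonce, exp: Math.floor(Date.now() / 1000) + 3600,
  at_hash: atHash(expected.accessToken) };
console.log(verifyIdToken(signSample(sampleClaims), publicKey, expected).sub);
```

Only after verifyIdToken returns should the payload's user attributes be passed to the local login logic.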
Authorization Endpoint: The authorization endpoint is the only one where the end-user interacts with the OpenID Connect provider. The other endpoints are meant for handling direct back-channel requests from the client application.
Token Endpoint: The token endpoint authenticates the client application and lets it exchange the code received from the authorization endpoint for an ID token and access token.
Introspection Endpoint: It verifies whether a token is active and to which user that token is assigned.
Discovery Endpoint: Contains the URLs and information of all the endpoints mentioned above, including a path to the JSON JWK set.
Provider JWK Set Endpoint: The JWK endpoint contains keys to sign and validate the id_token on the server and client side respectively.
SLO Endpoint: On a user logout event from the client application, send a browser redirect to the OpenID Connect single logout endpoint.