OpenID Connection Details

Endpoints:

Authorization Request

Form a URL like the one below and send a GET request to the authorize endpoint.

[GET] https://login.xecurify.com/idp/openidsso?
        client_id=<client-id-goes-here>
        &redirect_uri=<callback-url-goes-here>
        &scope=openid
        &response_type=code
        &state=<security_token>

Parameter   Value
state       A unique security token, together with the page URL to which the user should be redirected after the SSO response.

Response parameter:

Parameter   Value
code        The authorization code, which you exchange for tokens in the next API call.

Get access_token and JWT token

[POST] https://login.xecurify.com/rest/oauth/token

Request parameters:

Parameter       Value
grant_type      authorization_code
client_id       <client-id-goes-here>
client_secret   <client-secret-goes-here>
redirect_url    <callback-URL-goes-here>
code            <code-received-in-step1>

Response:

Parameter      Value
id_token       Contains the user attributes and a signature, which you must validate against the provided public certificate.
access_token   Valid for 1 hour; can be used to call the user-info or other endpoints until it expires.
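The two steps above (authorization request with state, then the code-for-token exchange and id_token handling) as one added example; this is not the xecurify project's code. Endpoint URLs and parameter names (including redirect_url) come from the documentation above; the state layout, the sample claims, and all function names are assumptions. The network calls use only the standard library, and the id_token helper reads claims but does not verify the signature, which must be done against the IdP's certificate with a JWT library before any claim is trusted.

```python
"""Added example (not from the xecurify docs): minimal OIDC authorization-code
client for the endpoints above, standard library only."""
import base64
import json
import secrets
import time
import urllib.parse
import urllib.request

AUTHORIZE_ENDPOINT = "https://login.xecurify.com/idp/openidsso"
TOKEN_ENDPOINT = "https://login.xecurify.com/rest/oauth/token"


def make_state(return_to: str) -> str:
    """state = unguessable token + page to return to after SSO (as the docs describe).
    Save it in the user's session before redirecting; the callback compares against it."""
    return f"{secrets.token_urlsafe(24)}|{return_to}"


def return_target(state: str) -> str:
    """Recover the post-SSO page from a state produced by make_state()."""
    return state.split("|", 1)[1]


def build_authorize_url(client_id: str, redirect_uri: str, state: str) -> str:
    """Step 1: the GET URL the browser is redirected to."""
    params = {"client_id": client_id, "redirect_uri": redirect_uri,
              "scope": "openid", "response_type": "code", "state": state}
    return AUTHORIZE_ENDPOINT + "?" + urllib.parse.urlencode(params)


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Extract the code from the redirect back to redirect_uri. The state check is
    the CSRF defence: a callback whose state this session never issued is rejected."""
    query = urllib.parse.parse_qs(urllib.parse.urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback was not initiated by this session")
    if "code" not in query:
        raise ValueError("callback carries no authorization code")
    return query["code"][0]


def build_token_request(client_id, client_secret, redirect_uri, code):
    """Step 2: POST form body for the token endpoint (parameter names as documented)."""
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code", "client_id": client_id,
        "client_secret": client_secret, "redirect_url": redirect_uri, "code": code,
    }).encode()
    return urllib.request.Request(
        TOKEN_ENDPOINT, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def exchange_code(client_id, client_secret, redirect_uri, code) -> dict:
    """Perform the token request (network call; not exercised offline)."""
    req = build_token_request(client_id, client_secret, redirect_uri, code)
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_jwt_claims(id_token: str) -> dict:
    """Read the claims segment of the id_token. Does NOT verify the signature:
    verify it against the IdP's certificate before trusting any claim."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("id_token is not a compact JWS (header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def check_id_token_claims(claims: dict, client_id: str, now=None) -> list:
    """Claim checks that apply after signature verification. Returns a list of
    problems; an empty list means the token is acceptable for this client."""
    now = time.time() if now is None else now
    problems = []
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        problems.append("aud does not include this client_id")
    if claims.get("exp") is None or now >= claims["exp"]:
        problems.append("exp is missing or in the past")
    if not claims.get("sub"):
        problems.append("sub claim is missing")
    return problems


# Constructed sample token (not issued by the IdP): the claims are made up and the
# signature segment is a placeholder, so only the parsing and claim checks run.
SAMPLE_CLAIMS = {"sub": "alice", "aud": "my-client-id", "iat": 1700000000,
                 "exp": 1700003600, "email": "alice@example.com"}
SAMPLE_ID_TOKEN = ".".join([
    _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    _b64url_encode(json.dumps(SAMPLE_CLAIMS).encode()),
    "placeholder-signature",
])
```

In a web application, `make_state()` runs when the login link is generated and its value is stored server-side in the session; `parse_callback()` runs on the redirect back and refuses any callback whose state does not match, which is what stops a forged or replayed callback from logging a victim into an attacker-chosen account.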

Revoke Token Request

This API invalidates the access token.

[GET] https://login.xecurify.com/rest/oauth/revoke

Request header:

Authorization: Bearer <access-token-value>

Response:

{
    "message":"Token has been revoked successfully.",
    "status":"SUCCESS"
}

Error Response:

{
    "message":"Access token is either invalid or expired.",
    "status":"FAILED"
}

SSO Single Logout API

On a user logout event in the client application, send a BROWSER REDIRECT to the OpenID Connect
single logout endpoint.

https://login.xecurify.com/idp/oidc/logout?post_logout_redirect_uri=http%3A%2F%2Fexample.com%2Flogout%3Fslo%3Dtrue

Request parameter:
post_logout_redirect_uri: The URL to which the user is redirected after logout.

Response:
The user is logged out of the SSO system and redirected back to post_logout_redirect_uri.
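The revoke call and the single-logout redirect from the two sections above, as one added example; this is not the xecurify project's code. The endpoint URLs, the Bearer header and the two JSON response bodies are taken from the documentation; the allow-list check on the logout return URL and all function names are assumptions.

```python
"""Added example (not from the xecurify docs): revoke an access token and build
the single-logout redirect, standard library only."""
import json
import urllib.parse
import urllib.request

REVOKE_ENDPOINT = "https://login.xecurify.com/rest/oauth/revoke"
LOGOUT_ENDPOINT = "https://login.xecurify.com/idp/oidc/logout"


def build_revoke_request(access_token: str) -> urllib.request.Request:
    """GET with the token in the Authorization header, as documented above."""
    return urllib.request.Request(
        REVOKE_ENDPOINT, method="GET",
        headers={"Authorization": f"Bearer {access_token}"})


def parse_revoke_response(body: str) -> bool:
    """True when the IdP reports SUCCESS, False for FAILED (token invalid or already
    expired). Any other shape is raised rather than silently treated as revoked."""
    data = json.loads(body)
    status = data.get("status")
    if status == "SUCCESS":
        return True
    if status == "FAILED":
        return False
    raise ValueError(f"unexpected revoke response: {body!r}")


def revoke_access_token(access_token: str) -> bool:
    """Perform the revoke call (network call; not exercised offline)."""
    with urllib.request.urlopen(build_revoke_request(access_token)) as resp:
        return parse_revoke_response(resp.read().decode())


def build_logout_url(post_logout_redirect_uri: str, allowed_hosts) -> str:
    """Single-logout redirect. The return URL is checked against an allow-list of
    our own hosts (assumed policy) so the logout flow cannot be turned into an
    open redirect by a caller-supplied URL."""
    host = urllib.parse.urlsplit(post_logout_redirect_uri).hostname
    if host not in allowed_hosts:
        raise ValueError(f"post_logout_redirect_uri host not allowed: {host!r}")
    query = urllib.parse.urlencode({"post_logout_redirect_uri": post_logout_redirect_uri})
    return LOGOUT_ENDPOINT + "?" + query


# Constructed sample responses, copied from the documented success and error bodies.
SUCCESS_BODY = '{"message":"Token has been revoked successfully.","status":"SUCCESS"}'
FAILED_BODY = '{"message":"Access token is either invalid or expired.","status":"FAILED"}'
```

On logout, revoke the access token first and then redirect the browser to the URL from `build_logout_url()`; the order matters, because once the browser leaves for the IdP the application no longer has a chance to invalidate the token it holds.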