search

Custom SSO OAuth 2.0

In this section you will learn about Custom SSO OAuth 2.0

Apart from a number of pre-built SSO providers we support integrating with fully Custom OAuth 2.0arrow-up-right compatible providers.

The process is not automatic:

  • First you need to implement OAuth2 flow on your side and make sure it works. You should implement three types of requests for it listed below.

  • Any SSO integrations require you to connect your custom domain.

  • Contact our tech engineers to test and finish integration on our side. OAuth implementation can vary from provider to provider so we implemented ability to customize OAuth requests used in integration (HTTP method, JSON/Form data, Scope separator, etc.). Our engineers will adapt to your implementation during integration process, but we recommend to stick to the most popular industry implementations (preferable to use open source implementations for your tech stack).

These are global parameters generated on your side

  • CLIENT_ID - You apps client id used to identify Jet Admin requests (passed public)

  • CLIENT_SECRET - You apps client secret used by Jet Admin to perform requests (stored internally)

  • SCOPE - (optional) If your backend requires access_token to have list of scopes to make queries this parameter will be used to obtain access_token

hashtag
1. Authorization URL

hashtag
Initial page which user is redirected to on Sign In page

GET https://YOUR_SSO_DOMAIN/authorize

hashtag
Query Parameters

Name
Type
Description

client_id*

String

CLIENT_ID

state*

String

Special OAuth2 generated code, created on Jet Admin side

redirect_uri*

String

ex. https://api.jetadmin.io/complete/custom_oauth_2/ Should be as specified here, you can validate it on your side (optionally)

response_type*

String

code

scope*

String

ex. "openid profile offline_access" Depends on your implementation, should be minimal scope needed to get user profile (first name, last name, email)

circle-info

If you have only 1 sign in method (SSO) user will be automatically redirected to your SSO initial page without seeing Jet Admin.

After Sign In process user will be redirected back to Jet Admin side.

hashtag
Page that processes received "code" and performs step 2.

GET https://api.jetadmin.io/complete/custom_oauth_2/

hashtag
Query Parameters

Name
Type
Description

state*

String

Special OAuth2 generated code, created on Jet Admin side

code*

String

Special OAuth2 generated code, created on Custom provider side

scope*

String

Previously received scope

prompt*

String

consent

authuser

String

0

hashtag
2. Access token URL

hashtag
The method is called by Jet Admin backend to get "access" and "refresh" tokens

POST https://YOUR_SSO_DOMAIN/token

hashtag
Request Body

Name
Type
Description

grant_type*

String

authorization_code

code*

String

Special OAuth2 generated code, created on Custom provider side

client_id

String

CLIENT_ID

client_secret*

String

CLIENT_SECRET

redirect_uri*

String

https://api.jetadmin.io/complete/custom_oauth_2/

access_token JWT payload should have fields:

  • first_name

  • last_name (optional)

  • username (can be equal to email)

  • email

access token and refresh token obtained on this step are saved on api.jetadmin.io side.

circle-info

(optional) If you have self-hosted Jet Bridge set up as HTTP proxy access token and refresh token can be saved on self-hosted Jet Bridge side.

hashtag
3. Refresh token URL

Can be the same as Access token URL, but with different data

hashtag
The method is called by Jet Admin backend to refresh expired "access token"

POST https://YOUR_SSO_DOMAIN/token

hashtag
Request Body

Name
Type
Description

grant_type*

String

refresh_token

refresh_token*

String

client_id

String

CLIENT_ID

client_secret*

String

CLIENT_SECRET

hashtag
Authorizing API calls to your backend with SSO token

API calls with SSO tokenchevron-right
PreviousGoogle SSO SAML2NextAPI calls with SSO token

Last updated

Was this helpful?