Custom SSO OAuth 2.0
In this section you will learn about Custom SSO OAuth 2.0
Apart from a number of pre-built SSO providers we support integrating with fully Custom OAuth 2.0 compatible providers.
The process is not automatic:
First you need to implement OAuth2 flow on your side and make sure it works. You should implement three types of requests for it listed below.
Any SSO integrations require you to connect your custom domain.
Contact our tech engineers to test and finish integration on our side. OAuth implementation can vary from provider to provider so we implemented ability to customize OAuth requests used in integration (HTTP method, JSON/Form data, Scope separator, etc.). Our engineers will adapt to your implementation during integration process, but we recommend to stick to the most popular industry implementations (preferable to use open source implementations for your tech stack).
These are global parameters generated on your side
CLIENT_ID - You apps client id used to identify Jet Admin requests (passed public)
CLIENT_SECRET - You apps client secret used by Jet Admin to perform requests (stored internally)
SCOPE - (optional) If your backend requires access_token to have list of scopes to make queries this parameter will be used to obtain access_token
1. Authorization URL
Initial page which user is redirected to on Sign In page
GET https://YOUR_SSO_DOMAIN/authorize
Query Parameters
client_id*
String
CLIENT_ID
state*
String
Special OAuth2 generated code, created on Jet Admin side
redirect_uri*
String
ex. https://api.jetadmin.io/complete/custom_oauth_2/ Should be as specified here, you can validate it on your side (optionally)
response_type*
String
code
scope*
String
ex. "openid profile offline_access" Depends on your implementation, should be minimal scope needed to get user profile (first name, last name, email)
After Sign In process user will be redirected back to Jet Admin side.
Page that processes received "code" and performs step 2.
GET https://api.jetadmin.io/complete/custom_oauth_2/
Query Parameters
state*
String
Special OAuth2 generated code, created on Jet Admin side
code*
String
Special OAuth2 generated code, created on Custom provider side
scope*
String
Previously received scope
prompt*
String
consent
authuser
String
0
2. Access token URL
The method is called by Jet Admin backend to get "access" and "refresh" tokens
POST https://YOUR_SSO_DOMAIN/token
Request Body
grant_type*
String
authorization_code
code*
String
Special OAuth2 generated code, created on Custom provider side
client_id
String
CLIENT_ID
client_secret*
String
CLIENT_SECRET
redirect_uri*
String
https://api.jetadmin.io/complete/custom_oauth_2/
{
'token_type': 'Bearer',
'access_token': 'ya29.A0ARrdaM9Hc_Hz__EhytWaIlHcYGkaszuxgKVqeEWBfErtEbHOPRF2_YtvlSY5qbkW2ZKbvbCNPtxGJJHutBsWd2hfmE8ZCdRX0bpQw5iwDfTBJZjQ7S9kKRiiCR165DyLs8hnERkjd3Z8-1-hPSt1X9MrY8aX',
'expires_in': 3599,
'refresh_token': '1//09uFin2WWZE9gCgYIARAAGAkSNwF-L9Irrrh5VtbNA35jfyWv8xnrj-VSqMKwCP-yjKtP6h6IDA6A0-S-LgqGve9Z-RLZzFdZpaE',
'scope': 'openid profile offline_access'
}access_token JWT payload should have fields:
first_name
last_name (optional)
username (can be equal to email)
email
access token and refresh token obtained on this step are saved on api.jetadmin.io side.
3. Refresh token URL
Can be the same as Access token URL, but with different data
The method is called by Jet Admin backend to refresh expired "access token"
POST https://YOUR_SSO_DOMAIN/token
Request Body
grant_type*
String
refresh_token
refresh_token*
String
client_id
String
CLIENT_ID
client_secret*
String
CLIENT_SECRET
{
'token_type': 'Bearer',
'access_token': 'ya29.A0ARrdaM9Hc_Hz__EhytWaIlHcYGkaszuxgKVqeEWBfErtEbHOPRF2_YtvlSY5qbkW2ZKbvbCNPtxGJJHutBsWd2hfmE8ZCdRX0bpQw5iwDfTBJZjQ7S9kKRiiCR165DyLs8hnERkjd3Z8-1-hPSt1X9MrY8aX',
'expires_in': 3599,
'refresh_token': '1//09uFin2WWZE9gCgYIARAAGAkSNwF-L9Irrrh5VtbNA35jfyWv8xnrj-VSqMKwCP-yjKtP6h6IDA6A0-S-LgqGve9Z-RLZzFdZpaE',
'scope': 'openid profile offline_access'
}Authorizing API calls to your backend with SSO token
API calls with SSO tokenLast updated
Was this helpful?