Integrating SSO with Your App
This topic describes how to integrate SSO with Java and non-Java apps.
Because SSO service is based on the OAuth protocol, any app that uses SSO must be OAuth-aware.
If you are using Java, see Single Sign-On Service Sample Applications. These are sample apps created using Spring Boot for all four app types. These apps use the SSO Service Connector, which auto-configures the app for OAuth. For more information about the SSO Service Connector, see spring-cloud-sso-connector on GitHub.
After binding the app to an SSO service instance, you must restart the app for the new SSO configuration to take effect.
To configure non-Java apps for OAuth, supply the following properties as environment variables to your app after the SSO service bind. You can view this information on the Next Steps page of the SSO dashboard.
- App ID, also known as OAuth Client ID
- App Secret, also known as OAuth Client Secret
- OAuth Authorization URL, the endpoint for client authorization
- OAuth Token URL, the endpoint for token retrieval
To validate the token, you must verify the following:
The token is a properly signed JSON Web Token with an appropriate public key. The key can be downloaded from the Token Verification Key endpoint specified on the Next Steps page.
The value of
audin the token matches your App ID.
The value of
The expiry time of the token,
exp, has not passed.