QiotaConnect SSO


An SSO connection API based on the OAuth2 protocol, coupled in certain specific cases with the JWT (JSON Web Token) format, used to transmit user ids, roles and authorizations to third-party applications.

In this scenario, QiotaConnect plays the role of both the Resource Server and the Authorization Server (in OAuth2 terms).

QiotaConnect implements an Access Token and Refresh Token system so that the user does not have to re-authenticate each time a mobile application is launched.

The features present in the QiotaConnect solution are as follows:

  • REST API authentication
  • Access token
  • Refresh token
  • Role-based authorization
  • Registration reminder API
  • REST API for the forgotten-password function
  • User lookup dashboard

Our solutions QiotaPaywal, mahalo (ex-aboweb) and aboshop e-commerce are natively integrated with Qiota SSO.




Swagger documentation

https://app.swaggerhub.com/apis/qiota/SSO/1.0.0-oas3

Authentication flow:


1. The client (referred to here as the "site"; in our case telegram or meretmarine) makes an HTTP request to the authorize endpoint with the following parameters:

a. response_type = code -> the type of response returned; in our case a unique code which will subsequently be exchanged for an accessToken for the user

b. client_id = [client_id] -> the identifier of the client making the call (in our case telegram -> 5dd508e80ff0f)

c. scope = [scope] -> the user attributes that the client will need

d. redirect_uri = [redirect_uri] -> the callback URL that Qiota will call, with the authorization code as a parameter, if the user is already logged in

e. error_uri = [error_uri] -> the callback URL that Qiota will call if the user is not logged in


2. Case where the user is already logged in:

a. Redirection to the redirect_uri callback URL with the authorization code as a parameter; the client then consumes this code to retrieve the user's token.

3. Case where the user is not logged in:

a. Redirection to the error_uri callback URL. Qiota calls this URL when the user is not logged in; the client defines it, and it can for example be the URL of a login form.

4. If the user is not logged in and wants to log in, the login form must be pointed at the API /v1/login, sending the following fields in a POST:

a. email -> the user's email

b. password -> the user's password

c. client_id = [client_id] -> the identifier of the client making the call (in our case telegram -> 5dd508e80ff0f)

d. response_type = code -> the type of response returned; in our case a unique code which will subsequently be exchanged for an accessToken for the user

e. scope = [scope] -> the user attributes that the client will need

f. redirect_uri = [redirect_uri] -> the callback URL that Qiota will call, with the authorization code, if the user logs in successfully

g. error_uri = [error_uri] -> the callback URL called if the login fails; it receives an error = bad_credential parameter
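The client side of steps 1 to 4 above, as an added example written for this page (it is not Qiota's code and is not taken from the Swagger definition): it builds the authorize request, builds the body that the login form POSTs to /v1/login, and classifies the callback Qiota redirects the browser to (authorization code on redirect_uri, error=bad_credential or a plain "not logged in" hit on error_uri). The SSO host name, the authorize path, the two callback URLs and the `state` parameter are assumptions: `state` is the standard OAuth2 CSRF protection for this flow but is not listed among the parameters on this page, so whether QiotaConnect echoes it back must be checked against the Swagger documentation before relying on it. Only the client id 5dd508e80ff0f and the /v1/login path come from the page.

```python
"""Client-side helpers for the QiotaConnect authorization-code flow.

Added example, not Qiota's own code. Assumed: SSO host, authorize path,
callback URLs and the optional `state` parameter. From the page: the
telegram client_id and the /v1/login endpoint.
"""
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

SSO_BASE = "https://sso.example.invalid"   # assumed host; see the Swagger doc for the real one
AUTHORIZE_PATH = "/authorize"              # assumed; the page only says "a request to authorize"
LOGIN_PATH = "/v1/login"                   # from the page (step 4)

CLIENT_ID = "5dd508e80ff0f"                # telegram client id quoted on the page
REDIRECT_URI = "https://telegram.example.invalid/sso/callback"  # constructed for the example
ERROR_URI = "https://telegram.example.invalid/sso/login"        # constructed for the example


def new_state():
    """Per-session random value to bind the callback to the session that started it."""
    return secrets.token_urlsafe(16)


def build_authorize_url(scope, state=None):
    """Step 1: the URL the client sends the browser to."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "scope": scope,
        "redirect_uri": REDIRECT_URI,
        "error_uri": ERROR_URI,
    }
    if state is not None:
        params["state"] = state  # assumption: not among the page's parameters
    return f"{SSO_BASE}{AUTHORIZE_PATH}?{urlencode(params)}"


def build_login_form(email, password, scope, state=None):
    """Step 4: form fields POSTed by the browser straight to /v1/login.
    The form targets Qiota, so the client site never sees the password."""
    fields = {
        "email": email,
        "password": password,
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": scope,
        "redirect_uri": REDIRECT_URI,
        "error_uri": ERROR_URI,
    }
    if state is not None:
        fields["state"] = state
    return f"{SSO_BASE}{LOGIN_PATH}", fields


def handle_callback(url, expected_state=None):
    """Steps 2/3/4f/4g: classify the URL Qiota redirected the browser to.

    Returns ("code", <authorization code>) for a redirect_uri callback,
    ("error", <reason>) for an error_uri callback, and raises ValueError
    for anything that should not be trusted (wrong state, unknown URL,
    redirect_uri reached without a code).
    """
    parts = urlsplit(url)
    base = f"{parts.scheme}://{parts.netloc}{parts.path}"
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}

    if expected_state is not None and query.get("state") != expected_state:
        raise ValueError("state mismatch: callback was not started by this session")

    if base == REDIRECT_URI:            # step 2 / step 4f
        code = query.get("code")
        if not code:
            raise ValueError("redirect_uri reached without an authorization code")
        return ("code", code)

    if base == ERROR_URI:               # step 3 / step 4g
        # The page documents an error parameter only for a failed login
        # (error=bad_credential); a bare hit means "user not logged in".
        return ("error", query.get("error") or "not_logged_in")

    # Only the two callbacks this client registered may deliver a result.
    raise ValueError(f"callback arrived on unregistered URL {base}")


if __name__ == "__main__":
    st = new_state()
    print(build_authorize_url("email profile", st))
    print(handle_callback(f"{REDIRECT_URI}?code=demo-code&state={st}", st))
    print(handle_callback(f"{ERROR_URI}?error=bad_credential&state={st}", st))
```

The two checks that matter in `handle_callback` are comparing the callback against the exact redirect_uri and error_uri the client sent (a code delivered anywhere else is discarded) and, if `state` turns out to be supported, refusing a code whose `state` does not match the session that started the flow. The code itself is only the input to the token exchange described in step 2; that exchange is defined in the Swagger documentation linked above and is not shown here.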