oAuth

overview

目的:第三方登入

讓其他平台可以透過 AD 登入並取得使用者資訊

USER FLOW

THIRD PARTY SITE

OAUTH BTN

click -> redirect to AD Login Page

AD PLATFORM SITE

click -> popup confirm modal

(check the authorization scope)

Account

Password

Submit

scope

authorize third party site

confirm

click -> popup confirm modal

(check the authorization scope)

AD PLATFORM SITE

click -> popup confirm modal

(check the authorization scope)

Account

Password

Submit

scope

authorize third party site

confirm

click -> popup confirm modal

(check the authorization scope)

click -> redirect to third party site

and get user information

Inplement

AV

client

AD

AV

server

click -> with callback URL

accessToken(JWT)

request with Client Id/ Client Secret

Whitelist?

AV

client

AD

AV

server

click -> with callback URL/clientId

grandcode

request with grandcode/client secret

accessToken(JWT)

AD

THIRD PARTY

AD

THIRD PARTY

(A) request -> payload: callbackURL(THIRD PARTY SITE)

(B)

  1.  login
  2.  generate grandCode (Save with User Id )
  3.  redirect to callback URL with grandCode

 

Made with Slides.com