SSO - passing Roles using Oauth

Unknown
edited April 2019 in Sales & Marketing

Docs: https://docs.vanillaforums.com/help/sso/oauth/#how-oauth2-works-in-vanilla

Additional info for passing roles via Oauth SSO:

From the community:

  1. User clicks on sign in and is directed to the Authorize Url configured in the dashboard (usually something like https://address-to-your-app/oauth/authorize)
  2. If the user is logged in, your app will redirect the user back to https://your-forum/entry/oauth2 with ?code=[code] in the url
  3. Vanilla takes that code and sends it via cURL to your app to request an access token
  4. Your app responds with an access token, which we then send, again via cURL, to request the user's profile
  5. Your app responds with a JSON document containing at least the user's unique ID and email address.
  6. With that email address or that unique ID we either connect them to their account that already exists on the forum, or we create a user for them with the data sent.

Here is an example of a JSON response with roles being sent:

{
  "Email": "uthred@vanillaforums.com",
  "Photo": "https://s.gravatar.com/avatar/3c2a6b39fa8c01c466806131159dd349?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fpa.png",
  "Name": null,
  "FullName": "Uthred Bebbanburg",
  "UniqueID": "auth0|56040_____________3c2c2939",
  "email_verified": false,
  "clientID": "RUi__________________bY",
  "updated_at": "2017-05-19T02:06:22.883Z",
  "nickname": "Uthred",
  "identities": [
    {
      "user_id": "5604072ba0a9b7fd3c2c2939",
      "provider": "auth0",
      "connection": "Username-Password-Authentication",
      "isSocial": false
    }
  ],
  "created_at": "2015-09-24T14:22:35.458Z",
  "persistent": [],
  "sub": "auth0|5604072ba0a9b7fd3c2c2939",
  "Provider": "oauth2-plain",
  "Roles": "Owner"
}

Some of this data is just ignored by our system. Data keys like Email, Photo, UniqueID can be configured in your dashboard. If your app has to pass, for example, the email as:

"mail": "uthred@vanillaforums.com"

That won't be a problem because you can configure those keys in the plugin in the community dashboard. The only one that is "hardcoded" is roles, and needs to be passed as:

"Roles": "role1,role2"
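As an added example (not Vanilla's code and not from the post above), here is a small Python model of both sides of step 5: a provider building the profile document with "Roles" as the comma-separated string Vanilla expects, and a consumer applying a dashboard-style key mapping (e.g. "mail" instead of "Email") and splitting "Roles". The `allowed_roles` allow-list and the field names in CONFIGURABLE_KEYS are assumptions for the example, not a description of what the plugin does internally.

```python
import json

# Profile keys the post says can be remapped in the dashboard (assumed set).
# "Roles" is deliberately not in this list: it is read under that literal key
# only, and only as a comma-separated string such as "role1,role2".
CONFIGURABLE_KEYS = ("UniqueID", "Email", "Name", "Photo", "FullName")


def build_profile_response(user, roles):
    """Provider side: serialise the document returned for the profile request.
    `roles` is a list; it is joined into the single "Roles" string."""
    doc = {k: user.get(k) for k in CONFIGURABLE_KEYS}
    doc["Roles"] = ",".join(r.strip() for r in roles if r.strip())
    return json.dumps(doc)


def parse_profile(raw, key_map=None, allowed_roles=None):
    """Consumer side, modelling steps 5-6: apply the key mapping configured in the
    dashboard, require a unique ID or email, then split "Roles". Role names not in
    `allowed_roles` (an assumed allow-list of roles the forum defines) are dropped,
    so a provider cannot hand out a role the forum never created."""
    data = json.loads(raw)
    # Default mapping is identity; key_map overrides e.g. {"Email": "mail"}.
    key_map = {**{k: k for k in CONFIGURABLE_KEYS}, **(key_map or {})}
    profile = {field: data.get(src) for field, src in key_map.items()}
    if not profile["UniqueID"] and not profile["Email"]:
        raise ValueError("profile must carry a unique ID or an email address")
    raw_roles = data.get("Roles", "")
    if not isinstance(raw_roles, str):
        raise ValueError('"Roles" must be a comma-separated string, e.g. "role1,role2"')
    roles = []
    for name in raw_roles.split(","):
        name = name.strip()
        if not name or name in roles:
            continue  # skip empty entries and duplicates
        if allowed_roles is not None and name not in allowed_roles:
            continue  # unknown role: ignore rather than create it
        roles.append(name)
    profile["Roles"] = roles
    return profile
```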
