This section describes the OpenID Connect single sign-on (SSO) flow for traditional server applications integrated with an AppDirect-powered marketplace. For native applications, such as mobile applications, see SSO flow for native applications.
A description of each step follows the image.
The user is redirected to the previously registered Initiate Login URL to initiate SSO at the Developer. Following is an example:
https://www.isv.com/oidc/login?iss=https://marketplace.exampletelco.com
The Developer initiates SSO by sending a request to the authorization endpoint. Following is an example of how it appears.
https://marketplace.exampletelco.com/oauth2/authorize?response_type=code&scope=openid profile email&client_id=s6BhdRkqt3&state=af0ifjsldkj&redirect_uri=https://www.isv.com/callback
An authorization code is returned to the redirect_uri passed in step 3. Note: this URI must also match the value entered in the Redirect URL configuration field on the Edit Authentication page. Following is an example:
https://www.isv.com/callback?code=SplxlOBeZQQYbYS6WxSbIA&state=af0ifjsldkj
The Developer sends a POST request to the token endpoint to exchange the authorization code for the ID and access tokens. This request must be authenticated (basic authentication) using the client ID and secret.
curl -X POST -u appdirect-49:9vY0s4yb2pbnP7Vz "https://marketplace.exampletelco.com/oauth2/token?grant_type=authorization_code&code=AYo3IQ&redirect_uri=https%3A%2F%2Fwww.isv.com%2Fcallback"
The Developer retrieves additional user data (first/last name, email, etc.) from the User Info endpoint. This is a regular API call that requires the access token returned in step 7 to be included as a bearer token.
curl -H 'Authorization: Bearer <access_token>' https://marketplace.exampletelco.com/oauth2/userinfo