
OAuth Provider Setup

Configure USSO as an OAuth/OIDC provider.

Enable OAuth

OAuth is enabled by default. Verify the configuration by requesting the OIDC discovery document:

curl -X GET http://localhost:8000/.well-known/openid-configuration

Register Client Application

# -d alone sends form-encoded data, so declare the JSON body explicitly
curl -X POST http://localhost:8000/api/sso/v1/oauth/clients \
  -H "Authorization: Bearer TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "My Mobile App",
    "redirect_uris": ["https://myapp.com/callback"],
    "grant_types": ["authorization_code", "refresh_token"],
    "scopes": ["openid", "profile", "email"]
  }'

Save the client_id and client_secret returned.

Test Authorization Flow

  1. Redirect the user to the authorization endpoint:

    http://localhost:8000/oauth/authorize?
      client_id=CLIENT_ID&
      redirect_uri=https://myapp.com/callback&
      response_type=code&
      scope=openid+profile+email&
      state=RANDOM_STATE
    

  2. User approves

  3. USSO redirects back to the redirect URI with the authorization code:

    https://myapp.com/callback?code=AUTH_CODE&state=RANDOM_STATE
    

  4. Exchange code for tokens:

    curl -X POST http://localhost:8000/oauth/token \
      -d grant_type=authorization_code \
      -d code=AUTH_CODE \
      -d redirect_uri=https://myapp.com/callback \
      -d client_id=CLIENT_ID \
      -d client_secret=CLIENT_SECRET
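
Client-side handling of steps 1, 3 and 4, as an added example that is not USSO's own code: it generates the `state` value, rejects a callback whose `state` does not match the copy kept in the user's session, and builds the token request fields. The function names are hypothetical, and it assumes USSO follows standard OAuth 2.0 behaviour for the `state` echo and the `error` parameter.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "http://localhost:8000/oauth/authorize"  # endpoint from the page
REDIRECT_URI = "https://myapp.com/callback"              # registered redirect URI

class CallbackError(Exception):
    """Raised when the redirect back to the client must be rejected."""

def build_authorize_url(client_id, scopes=("openid", "profile", "email")):
    """Step 1: return (url, state). Keep state in the user's session."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "scope": " ".join(scopes),
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state

def code_from_callback(callback_url, expected_state):
    """Step 3: validate the redirect and return the authorization code."""
    parts = urlsplit(callback_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT_URI:
        raise CallbackError("callback is not the registered redirect URI")
    params = parse_qs(parts.query)
    state = params.get("state", [])
    # Exactly one state value, compared in constant time with the session copy.
    ok = bool(expected_state) and len(state) == 1 and hmac.compare_digest(
        state[0].encode(), expected_state.encode())
    if not ok:
        raise CallbackError("state mismatch: possible CSRF or stale callback")
    if "error" in params:  # assumed RFC 6749 style error response
        raise CallbackError(f"authorization failed: {params['error'][0]}")
    code = params.get("code", [])
    if len(code) != 1:
        raise CallbackError("expected exactly one code parameter")
    return code[0]

def token_request_form(code, client_id, client_secret):
    """Step 4: form fields; redirect_uri must equal the one sent in step 1."""
    return {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI, "client_id": client_id,
            "client_secret": client_secret}
```

The dictionary from `token_request_form` carries the same fields as the `curl -d` arguments in step 4 and is sent form-encoded from the application's backend.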
    
