As of GeneXus 18 Upgrade 6, SSORest is extended to support External IDP Tokens.
When SSORest is enabled in "Client" mode in a client application, the option "Custom server URL SSO" (&GAMApplication.SSORESTServerURL_isCustom : True) is available. It allows entering the complete URL of the service in the property "Server URL SSO" (&GAMApplication.SSORESTServerURL). That service must be implemented by a third party.
GAM will perform a GET to the service configured in the property "Server URL SSO".
The service must be able to receive these Headers:
GET
Content-Type=application/x-www-form-urlencoded
Authorization: access_token
client_id: Client_ID of the application that exposes the service and uses SSORest
And it must respond as follows:
{
  "token": {
    "access_token": "85a3006c-0606-41d2-980e-223f88463ec2!N3YlsXrQ4es91BWO7oh33Cb51kfv2W2TTbwjAAxo4v2uRrQ",
    "token_type": "Bearer",
    "expires_in": 0,
    "refresh_token": "",
    "scope": "gam_user_data",
    "user_guid": "8d98dbbf-bc02-43a9-a243-02f02d99faba"
  },
  "user": {
    "guid": "8d98dbbf-bc02-43a9-a243-02f02d99faba",
    "username": "juanp",
    "email": "jperez@email.com",
    "verified_email": true,
    "first_name": "Juan",
    "last_name": "Perez",
    "external_id": "108013349483935780203",
    "gender": "N",
    "url_image": "",
    "url_profile": "",
    "phone": "099 123123",
    "address": "",
    "city": "",
    "state": "",
    "post_code": "",
    "language": "en",
    "timezone": "",
    "custominfo": ""
  }
}
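A sketch of the third-party service described above, as an added example that is not GeneXus or GAM code: it checks the client_id and Authorization headers before returning the JSON shape shown. The in-memory session store, the sample client_id and token, the 401 error body, and echoing the received token back as access_token are all assumptions made for illustration.

```python
import hmac
import json
from http.server import BaseHTTPRequestHandler

# Constructed sample data (placeholders, not values from the page).
ALLOWED_CLIENT_IDS = {"example-client-id"}
SESSIONS = {  # hypothetical store: external IDP access_token -> user record
    "constructed-token-123": {
        "guid": "00000000-0000-0000-0000-000000000001", "username": "juanp",
        "email": "jperez@email.com", "verified_email": True,
        "first_name": "Juan", "last_name": "Perez", "language": "en",
    },
}
USER_FIELDS = ("guid", "username", "email", "verified_email", "first_name",
               "last_name", "external_id", "gender", "url_image", "url_profile",
               "phone", "address", "city", "state", "post_code", "language",
               "timezone", "custominfo")

def lookup_user(token):
    """Return the user for a token; each comparison is constant-time."""
    for known, user in SESSIONS.items():
        if hmac.compare_digest(known.encode(), token.encode()):
            return user
    return None

def sso_response(headers):
    """Build (status, body) for GAM's GET from the request headers."""
    if headers.get("client_id", "") not in ALLOWED_CLIENT_IDS:
        return 401, {"error": "unknown client_id"}  # error shape is an assumption
    token = headers.get("Authorization", "")
    user = lookup_user(token) if token else None
    if user is None:
        return 401, {"error": "invalid access_token"}
    return 200, {
        "token": {"access_token": token, "token_type": "Bearer",
                  "expires_in": 0, "refresh_token": "",
                  "scope": "gam_user_data", "user_guid": user["guid"]},
        "user": {f: user.get(f, "") for f in USER_FIELDS},
    }

class SSOHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, body = sso_response(self.headers)
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
```

If the service sits behind nginx, note that nginx drops request headers whose names contain an underscore, such as client_id, unless underscores_in_headers is turned on.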
GAM - OAuth User Scopes
HowTo: Use OAuth 2.0 Endpoints to authenticate with GAM as REST IDP Server