Table of contents

Unofficial Content

As of GeneXus 18 Upgrade 6, the flexibility of SSORest is extended allowing now to support External IDP Tokens.

This enables that from a client application when we enable SSORest in "Client" mode we have the option "Custom server URL SSO" (&GAMApplication.SSORESTServerURL_isCustom : True), which enables to enter the complete URL of the service in the property "Server URL SSO" (&GAMApplication.SSORESTServerURL), that service must be implemented by a third party.

GAM will perform a GET to the service configured in the property "Server URL SSO".

The service must be able to receive these Headers:


Authorization: access_token
client_id: Client_ID of the application that exposes the service and uses SSORest

And you must respond as follows:

    "token": {
        "access_token": "85a3006c-0606-41d2-980e-223f88463ec2!N3YlsXrQ4es91BWO7oh33Cb51kfv2W2TTbwjAAxo4v2uRrQ",
        "token_type": "Bearer",
        "expires_in": 0,
        "refresh_token": "",
        "scope": "gam_user_data",
        "user_guid": "8d98dbbf-bc02-43a9-a243-02f02d99faba"
    "user": {
        "guid": "8d98dbbf-bc02-43a9-a243-02f02d99faba",
        "username": "juanp",
        "email": "",
        "verified_email": true,
        "first_name": "Juan",
        "last_name": "Perez",
        "external_id": "108013349483935780203",
        "gender": "N",
        "url_image": "",
        "url_profile": "",
        "phone": "099 123123",
        "address": "",
        "city": "",
        "state": "",
        "post_code": "",
        "language": "en",
        "timezone": "",
        "custominfo": ""

See Also

GAM - OAuth User Scopes

HowTo: Use OAuth 2.0 Endpoints to authenticate with GAM as REST IDP Server

Last update: April 2024 | © GeneXus. All rights reserved. GeneXus Powered by Globant