
Create IdP for SPA

You can use SiX IDaaS & IAM to create an "Identity Provider (IdP)" for your "Single Page Application (SPA)".

TIP

An IdP created via the SiX IDaaS & IAM console or APIs is meant to be associated with one or more OAuth2 clients.

If you associate more than one OAuth client with the same IdP and assign these clients to separate SPAs, users of that IdP get SSO across those SPAs.

The "IdP/OAuth client" association supports the OIDC/OAuth2 protocols out of the box.

Interaction flows

Below is the typical flow in which one or more SPAs use SiX IDaaS & IAM to give their users SSO.

For the OIDC protocol and authorization_code grant flow, please refer to: OpenID Connect Basic Client Implementer's Guide

[Diagram: SPA / SiX IDaaS & IAM interaction flow]

Steps to create IdP for SPA

1. Create an Identity application

Log in to the SiX IDaaS & IAM console.

Navigate to the menu "Authentication -> Create Identity Application (IdP)" to create the Identity application for the SPA.

2. Create one public OAuth client and associate it with the Identity application

Log in to the SiX IDaaS & IAM console.

Navigate to the menu "Authorization -> Create OAuth Client" to create the OAuth client and bind it to the Identity application created in the previous step.

TIP

Note that an SPA must use a public OAuth client. Code running in the browser cannot keep a secret, so no client_secret should be issued to, or embedded in, the SPA. The standard recommendation for public clients is the authorization code flow with PKCE (RFC 7636), so that an authorization code cannot be redeemed by anyone who intercepts it.

3. Install an OAuth client module into your SPA

Depending on the development language of your SPA, install a community OAuth client module into your application.

Put the OAuth client and IdP configuration, e.g. client_id and the authorization server's authorize endpoint and token endpoint, into your SPA.

Trigger the OAuth authorization code flow from the SPA; once it completes, the IdP is working.

TIP

See the IdP sample screenshots and the sample code for a Vue-based SPA below.

Advanced features

Customer branded IdP

The IdP you create can be configured to match your company's branding, e.g. logo, font and colors.

Multiple authentication source supported

Besides the authentication/authorization and UI provided by the platform tenancy, you can delegate authentication to other sources, e.g. another OIDC identity provider or a SAML2 identity provider. The platform handles this authentication delegation.

For more information see:

Federate with OKTA

Federate with OIDC IdP

Federate with SAML2 IdP

Federate with Custom IdP

IdP share to sub-orgs

You can share your Identity application with its sub-orgs, so that the sub-orgs can use it directly.

A typical case: create one IdP at the enterprise level and share it with all departments, so that every employee in the enterprise uses the same IdP.

Samples

SPA IdP sample 1 screenshot

[Screenshot: SPA IdP sample 1]

SPA IdP sample 2 screenshot

[Screenshot: SPA IdP sample 2]

SPA IdP sample code repo

six-iot-sample-webapp

TIP

If you can't access the repo, please contact us via the contact information on the Contact Us page.
