Single Sign On (SSO)

In this article, you will learn how to enable Single Sign-On (SSO) using OAuth 2.0, allowing access to the Komet Sales E-Commerce through third-party websites.

Important

This integration should be executed by an IT professional. In case you have any questions about the process, please contact us at support@kometsales.com.

White Label Available

White label is available with this OAuth 2.0 integration, meaning that your company's brand appears instead of the Komet Sales brand while users are in the e-commerce. If you want this option enabled, please contact us. If you also want to use your own URL, an SSL/TLS certificate for that hostname is required, as well as a CNAME record for it.


Which grant type is used to connect with Komet Sales?

We use the Implicit grant, a browser-based flow in which the access token is returned directly to the user-agent in the redirect URL instead of being exchanged through a back channel. It is important to point out that this grant type does not support refresh tokens. Because the token travels in the redirect URL, treat it as a credential: store it on your server, keep it out of logs and client-side storage, and only accept callbacks that carry a state value your site issued (see the state parameter below).

Key Terms:

  • User/Resource Owner: Makes the request through the link provided by the company.

  • Application: The third-party website.

  • User-Agent: The web-browser.

 


Enable SSO

  1. The Komet Sales team performs the setup and sends you the authorization server address, the CLIENT ID (used in the authorization request) and the CLIENT SECRET (used, together with the token generated in step 6, in the request that grants direct access to the E-commerce application). The CLIENT SECRET must stay on your server and never be embedded in pages sent to the browser.

  2. When you want your users to go to Komet Sales, redirect them to the following address:

    • URL: https://auth.kometsales.com/oauth/authorize?response_type=token&client_id=CLIENT_ID&redirect_uri=REDIRECT_URI

      response_type: Always use "token".

      client_id: The client ID provided by Komet Sales. It must be sent in every request.

      redirect_uri: The Application URL to which the user is sent back with the token. It must be sent in every request and must be exactly the URI you registered with Komet Sales in step 1; the authorization server compares the two so that a token cannot be redirected to an attacker-controlled address.

      state (optional, strongly recommended): An opaque value generated by your website for each login attempt and returned to you unchanged, so you can tie the callback to the user who started it. Use an unguessable random value bound to the user's session and look up the user (e-mail, userId, login, etc.) from it server-side; do not put a predictable identifier directly in the state, and reject any callback whose state you did not issue.


  4. Once enabled, the user clicks the link on your website to access Komet Sales. On the first login the user is redirected to a page like the first-time login screen shown below, in order to authenticate their identity.

  5. Once the user has entered their access credentials, they must authorize or deny the application's access to their account (see the access confirmation screen below).

  6. Once the user clicks Approve, the system redirects the user to the registered redirect URI, and that URI includes the access token. Take into account that the token never expires, so it must be stored on your server side, associated with the user, and protected like a password; your user-agent later uses it to access the Komet Sales application. For example:

    URL: https://your_website.com?access_token=4354fdsdsdff343

  7. Once the user arrives back on your website and the token has been stored, redirect the user to the Verify process with all the keys obtained in the previous steps.

    This call should look like the following:

First-time login screen.

Access confirmation screen.
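The redirect and callback handling described in steps 2 to 7, as an added example in Python (this is not Komet Sales' own code). It assumes a server-side session store (the SsoClient class and its pending and tokens dictionaries are hypothetical names), a placeholder CLIENT_ID and redirect URI, and accepts the access_token either in the query string, as shown on this page, or in the URL fragment, where a standard implicit-grant response puts it. The state value is random and single-use, so a forged callback cannot attach a token to another user's session.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Endpoint from this page; CLIENT_ID/redirect URI below are placeholders.
AUTHORIZE_URL = "https://auth.kometsales.com/oauth/authorize"


class SsoClient:
    """Builds the authorize redirect and validates the callback for one site.

    pending maps an unguessable state value to the local user it was issued
    for; tokens is the server-side store for the never-expiring access token.
    (Both are hypothetical in-memory stands-ins for a real session store.)
    """

    def __init__(self, client_id, redirect_uri):
        self.client_id = client_id
        self.redirect_uri = redirect_uri
        self.pending = {}
        self.tokens = {}

    def begin_login(self, local_user_id):
        """Return (authorize_url, state) for step 2."""
        # A fresh random state, not the user's e-mail or id: the binding to
        # the local user lives server-side, so it cannot be guessed or forged.
        state = secrets.token_urlsafe(32)
        self.pending[state] = local_user_id
        params = {
            "response_type": "token",           # always "token" (implicit grant)
            "client_id": self.client_id,
            "redirect_uri": self.redirect_uri,  # must equal the registered URI
            "state": state,
        }
        return AUTHORIZE_URL + "?" + urlencode(params), state

    def handle_callback(self, callback_url):
        """Validate the redirect back from Komet Sales (step 6) and store the token.

        Returns the local user id the token now belongs to. Raises ValueError
        on an unknown or missing state or a missing token.
        """
        parts = urlsplit(callback_url)
        # This page shows the token in the query string; a standard implicit
        # response carries it in the fragment, so accept either location.
        params = parse_qs(parts.query)
        params.update(parse_qs(parts.fragment))
        state = params.get("state", [None])[0]
        if state is None or state not in self.pending:
            raise ValueError("unknown or missing state; possible forged callback")
        local_user_id = self.pending.pop(state)   # single use
        token = params.get("access_token", [None])[0]
        if not token:
            raise ValueError("callback carries no access_token")
        self.tokens[local_user_id] = token        # never expires: keep server-side
        return local_user_id


if __name__ == "__main__":
    client = SsoClient("CLIENT_ID", "https://your_website.com/sso/callback")
    url, state = client.begin_login("alice")
    print("redirect user to:", url)
    # Constructed callback, using the example token shown on this page.
    user = client.handle_callback(
        "https://your_website.com/sso/callback?access_token=4354fdsdsdff343&state=" + state)
    print("token stored for", user)
```

The token is only ever written to the server-side store; nothing in this flow hands it to client-side JavaScript or puts it in a log line.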

Get Token Metadata

Once you've obtained the access token, you can get additional information on customers associated with the user in the form of metadata. You can get this additional information using the API request described below.

 


Request

This endpoint requires HTTP Basic authentication: the username is the client_id and the password is the client_secret. The call must be made from your server, never from the browser, so that the client_secret is not exposed.

Headers

URL: https://auth.kometsales.com/oauth/check_token

Method: POST

Content-Type: application/x-www-form-urlencoded; charset=utf-8


Input parameters

  token (required)(string:50)

    The access token obtained in step 6. This is the only field sent in the form body.


  client_id (required)

    Provided by Komet Sales in step 1. Sent as the username of the HTTP Basic Authorization header, not in the form body.


  client_secret (required)

    Provided by Komet Sales in step 1. Sent as the password of the HTTP Basic Authorization header. Keep it on the server; it must never reach the user-agent.


  # OAuth 2 - Production - Check Token
  curl -X "POST" "https://auth.kometsales.com/oauth/check_token" \
    -H 'Cache-Control: no-cache' \
    -H 'Content-Type: application/x-www-form-urlencoded; charset=utf-8' \
    -u '0a448854c90376777bedb88f7b42da82:bc4d4538e47cc82c82c370aa91ca560670fe26d6120b64a13d98794f449e20b9' \
    --data-urlencode "token=b217abe7-792d-45f1-a91a-17db5f436410"

Response

The field names below follow the keys of the sample JSON response shown after this list.

  user_name (string)

    The user's login name (an e-mail address in the sample).


  first_name (string:200)

    User's name.


  last_name (string:50)

    User's last name.


  scope (array of string:50)

    The scopes granted to the token, e.g. READ and WRITE.


  customers (array)

    The customers associated with the user. Each element contains:


    id (integer 10)

      Customer ID.


    name (string:200)

      Customer's name.


    code (string:10)

      Customer code.


  The sample response also contains aud, authorities, account and client_id. Before trusting the rest of the response, check that client_id equals the client ID you were given; a token issued to a different client should be rejected.


  {
    "aud": [ "ks-ecommerce" ],
    "user_name": "diego+ecommerce@kometsales.com",
    "scope": [ "READ", "WRITE" ],
    "last_name": "Garcia",
    "customers": [
      { "id": 141839, "code": "Render", "name": "Customer 6" },
      { "id": 148121, "code": "148121", "name": "Customer 8" }
    ],
    "first_name": "Diego",
    "authorities": [ "ROLE_USER" ],
    "account": "4d544d344d44513d",
    "client_id": "0a448854c90376777bedb88f7b42da82"
  }
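The check_token call and the handling of its response, as an added Python example (not Komet Sales' own code). It builds the same request as the curl command above (client_id and client_secret only in the Basic Authorization header, the token alone in the form body), parses the reply into the fields an integration normally needs, and rejects a reply whose client_id is not ours. The transport parameter and the build_check_token_request / parse_check_token_response / check_token function names are hypothetical; SAMPLE_RESPONSE is the example response from this page, embedded so the code runs offline.

```python
import base64
import json
import urllib.request
from urllib.parse import urlencode

CHECK_TOKEN_URL = "https://auth.kometsales.com/oauth/check_token"


def build_check_token_request(client_id, client_secret, token):
    """Return (url, headers, body) for the check_token call.

    client_id and client_secret travel only in the Basic Authorization
    header; the x-www-form-urlencoded body carries nothing but the token.
    """
    if not token or len(token) > 50:          # token is documented as string:50
        raise ValueError("token must be a non-empty string of at most 50 characters")
    credentials = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": "Basic " + credentials,
        "Content-Type": "application/x-www-form-urlencoded; charset=utf-8",
        "Cache-Control": "no-cache",
    }
    body = urlencode({"token": token})
    return CHECK_TOKEN_URL, headers, body


def parse_check_token_response(raw, expected_client_id=None):
    """Extract user and customer metadata from the check_token JSON reply.

    If expected_client_id is given, a reply issued to another client is
    rejected (defensive check; the server already authenticated us)."""
    data = json.loads(raw)
    if expected_client_id and data.get("client_id") != expected_client_id:
        raise ValueError("token was not issued to this client_id")
    return {
        "user_name": data.get("user_name"),
        "first_name": data.get("first_name"),
        "last_name": data.get("last_name"),
        "scope": list(data.get("scope", [])),
        "customers": [
            {"id": int(c["id"]), "code": c.get("code"), "name": c.get("name")}
            for c in data.get("customers", [])
        ],
    }


def check_token(client_id, client_secret, token, transport=None):
    """Full round trip. transport(url, headers, body) -> str is injectable
    for offline use; the default sends the POST with urllib over HTTPS."""
    url, headers, body = build_check_token_request(client_id, client_secret, token)
    if transport is None:
        def transport(url, headers, body):
            req = urllib.request.Request(url, data=body.encode("utf-8"),
                                         headers=headers, method="POST")
            with urllib.request.urlopen(req, timeout=10) as resp:
                return resp.read().decode("utf-8")
    return parse_check_token_response(transport(url, headers, body), client_id)


# Example response copied from this page, used as an offline stand-in.
SAMPLE_RESPONSE = json.dumps({
    "aud": ["ks-ecommerce"],
    "user_name": "diego+ecommerce@kometsales.com",
    "scope": ["READ", "WRITE"],
    "last_name": "Garcia",
    "customers": [
        {"id": 141839, "code": "Render", "name": "Customer 6"},
        {"id": 148121, "code": "148121", "name": "Customer 8"},
    ],
    "first_name": "Diego",
    "authorities": ["ROLE_USER"],
    "account": "4d544d344d44513d",
    "client_id": "0a448854c90376777bedb88f7b42da82",
})


if __name__ == "__main__":
    # Offline run against the sample; drop transport= to call the real endpoint.
    info = check_token("0a448854c90376777bedb88f7b42da82", "CLIENT_SECRET",
                       "b217abe7-792d-45f1-a91a-17db5f436410",
                       transport=lambda u, h, b: SAMPLE_RESPONSE)
    for customer in info["customers"]:
        print(customer["id"], customer["code"], customer["name"])
```

Run it server-side only: the Basic header contains the client_secret, so this request must never be issued from the browser.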
