Single Sign On (SSO)
In this article, you will learn how to enable Single Sign-On (SSO) using OAuth 2.0, allowing access to the Komet Sales E-Commerce through third-party websites.
Important
This integration should be executed by an IT professional. In case you have any questions about the process, please contact us at support@kometsales.com.
White Label Available
OAuth 2.0 supports white label, meaning that your company's brand will appear instead of the Komet Sales brand when users access the e-commerce. If you want this option enabled, please contact us. If you want to use your own URL, an SSL certificate is required, as well as a CNAME record pointing that URL at the e-commerce.
Which grant type is used to connect with Komet Sales?
We use the Implicit grant, which is the most common grant type for web-based applications such as Komet Sales. It is important to point out that this grant type does not support refresh tokens.
Key Terms:
User/Resource Owner: Makes the request through the link provided by the company.
Application: The third-party website.
User-Agent: The web-browser.
Enable SSO
The Komet Sales team will perform the setup and send you the authorization server address, the CLIENT ID (used in the authorization request) and the CLIENT SECRET (used, together with the token generated in step 7, in the request that grants direct access to the E-commerce application).
When you want your users to go to Komet Sales, redirect them to the following address:
response_type: always use "token".
client_id: the client ID provided by Komet Sales. It must be sent in every request.
redirect_uri: the Application URL to which the user will be redirected after authorization. It must be sent in every request, so that the token cannot be delivered to another site, and it must match the value you provided in step #1 above.
state (optional): any additional information from your website that you want to use to identify the user, e.g. e-mail, userId, login, etc.
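The two halves of the redirect described above, as an added example that is not part of the Komet Sales documentation: building the authorization URL with the four parameters, and reading the token back out of the redirect URI once the user returns. The authorization server address is a placeholder (Komet Sales sends you the real one during setup), and the token is assumed to come back as `access_token` in the URI fragment, which is how the standard OAuth 2.0 implicit grant delivers it; confirm the exact parameter name against the redirect example Komet Sales provides. The page lets `state` carry any identifier you like; this example instead stores an unguessable per-session value in `state` and maps it to the user on your own server, so the callback handler can reject a redirect that did not originate from a request it started.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed placeholders: replace with the values Komet Sales sends you at setup.
AUTHORIZE_URL = "https://AUTHORIZATION-SERVER-FROM-KOMET-SALES/oauth/authorize"
CLIENT_ID = "your-client-id"
# Must be identical to the redirect URI registered with Komet Sales (step #1).
REDIRECT_URI = "https://shop.example.com/komet/callback"


def new_state() -> str:
    """Opaque, unguessable value; store it in the user's session before redirecting
    and keep the mapping state -> user on your server."""
    return secrets.token_urlsafe(32)


def build_authorize_url(state: str, *, authorize_url: str = AUTHORIZE_URL,
                        client_id: str = CLIENT_ID,
                        redirect_uri: str = REDIRECT_URI) -> str:
    """Build the address the user's browser is sent to (response_type=token)."""
    params = {
        "response_type": "token",   # always "token" for the implicit grant
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    }
    return f"{authorize_url}?{urlencode(params)}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Extract the access token from the redirect URI the user came back with.

    The implicit grant puts the parameters in the fragment (#...); the query
    string is accepted as a fallback.  The state must match the one issued for
    this session, otherwise the redirect is discarded.
    """
    parts = urlsplit(callback_url)
    params = parse_qs(parts.fragment or parts.query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state, expected_state):
        raise ValueError("state mismatch: redirect was not started by this session")
    token = params.get("access_token", [""])[0]   # assumed parameter name (RFC 6749)
    if not token:
        raise ValueError("redirect carries no access_token")
    return token


if __name__ == "__main__":
    # Constructed walk-through: issue a state, build the URL, then simulate the
    # browser coming back with a token in the fragment.
    state = new_state()
    print(build_authorize_url(state))
    simulated = f"{REDIRECT_URI}#access_token=TOKEN-FROM-KOMET&state={state}"
    print(parse_callback(simulated, state))
```

Because the token never expires (step 6), treat the stored token like a long-lived credential on your side: keep it server-side, tied to the user record you mapped from `state`, rather than in a cookie or local storage the browser can read.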
Once enabled, the user clicks the link on your website to access Komet Sales. If the user is logging in for the first time, they are redirected to a page like the following to authenticate their identity:
Once the user enters their access credentials, they must approve or deny the application's access to their account.
Once the user clicks Approve, the system redirects the user to the defined redirect URI, and that URI will include the access token (take into account that the token never expires). Store the token on your side so your user-agent can use it later to access the Komet Sales application. For example:
Once the user arrives back at your website and you have stored the token, redirect the user to the Verify process with all the keys obtained in the previous steps.
This call should look like the following:
token: the access token returned in step #6
client_id: provided by Komet Sales in step #2
client_secret: provided by Komet Sales in step #2
state (optional): the same value you provided in step #3.
Get Token Metadata
Once you have obtained the access token, you can retrieve additional information about the customers associated with the user, returned as token metadata, using the API request described below.
Request
This method requires HTTP Basic authentication, where the username is the client_id and the password is the client_secret.
Headers
URL: https://auth.kometsales.com/oauth/check_token
Method: POST
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Input parameters
client_id: provided by Komet Sales in step #2 (sent as the Basic authentication username).
token (required) (string:50): the security token obtained in step #6.
client_secret: provided by Komet Sales in step #2 (sent as the Basic authentication password).
## OAuth 2 - Production - Check Token

```bash
curl -X "POST" "https://auth.kometsales.com/oauth/check_token" \
  -H 'Cache-Control: no-cache' \
  -H 'Content-Type: application/x-www-form-urlencoded; charset=utf-8' \
  -u '0a448854c90376777bedb88f7b42da82:bc4d4538e47cc82c82c370aa91ca560670fe26d6120b64a13d98794f449e20b9' \
  --data-urlencode "token=b217abe7-792d-45f1-a91a-17db5f436410"
```
Response
name (string:200): user's name.
scope (string:50): array of allowed scopes.
lastname (string:50): user's last name.
customer (array): array containing customer information, each entry with:
id (integer 10): customer ID.
name (string:200): customer's name.
code (string:10): customer code.
In the sample response below these fields appear as user_name, first_name, last_name and customers, alongside aud, authorities, account and client_id.
Sample response body:

```json
{
  "aud": [
    "ks-ecommerce"
  ],
  "user_name": "diego+ecommerce@kometsales.com",
  "scope": [
    "READ",
    "WRITE"
  ],
  "last_name": "Garcia",
  "customers": [
    {
      "id": 141839,
      "code": "Render",
      "name": "Customer 6"
    },
    {
      "id": 148121,
      "code": "148121",
      "name": "Customer 8"
    }
  ],
  "first_name": "Diego",
  "authorities": [
    "ROLE_USER"
  ],
  "account": "4d544d344d44513d",
  "client_id": "0a448854c90376777bedb88f7b42da82"
}
```
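The check_token call and its response, as an added example that is not part of the Komet Sales documentation: the request is built the same way the curl command above builds it (Basic authentication with client_id:client_secret, the token URL-encoded in the body), and the response is reduced to what your application needs (user, scopes, customers). The two sanity checks on the response, that `aud` contains `ks-ecommerce` and that the returned `client_id` is your own, are this example's additions, based on the fields visible in the sample response; the sample body embedded here is the page's sample, reused as constructed input, and the request is only built, not sent.

```python
import base64
import json
from urllib.parse import urlencode
from urllib.request import Request

CHECK_TOKEN_URL = "https://auth.kometsales.com/oauth/check_token"
EXPECTED_AUDIENCE = "ks-ecommerce"   # value seen in the sample response

# Page's sample response, embedded here as constructed input for the parser.
SAMPLE_RESPONSE = """{
  "aud": ["ks-ecommerce"],
  "user_name": "diego+ecommerce@kometsales.com",
  "scope": ["READ", "WRITE"],
  "last_name": "Garcia",
  "customers": [
    {"id": 141839, "code": "Render", "name": "Customer 6"},
    {"id": 148121, "code": "148121", "name": "Customer 8"}
  ],
  "first_name": "Diego",
  "authorities": ["ROLE_USER"],
  "account": "4d544d344d44513d",
  "client_id": "0a448854c90376777bedb88f7b42da82"
}"""


def basic_credentials(client_id: str, client_secret: str) -> str:
    """Base64 of 'client_id:client_secret', the value curl's -u option computes."""
    return base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()


def build_check_token_request(client_id: str, client_secret: str, token: str) -> Request:
    """Server-side POST to /oauth/check_token; the secret never reaches the browser."""
    body = urlencode({"token": token}).encode()   # same as --data-urlencode
    headers = {
        "Authorization": f"Basic {basic_credentials(client_id, client_secret)}",
        "Content-Type": "application/x-www-form-urlencoded; charset=utf-8",
        "Cache-Control": "no-cache",
    }
    return Request(CHECK_TOKEN_URL, data=body, headers=headers, method="POST")


def parse_check_token_response(body: str, client_id: str) -> dict:
    """Turn the metadata JSON into a small profile, rejecting responses that are
    not for this client or not for the e-commerce audience (added checks)."""
    data = json.loads(body)
    if EXPECTED_AUDIENCE not in data.get("aud", []):
        raise ValueError(f"unexpected audience: {data.get('aud')}")
    if data.get("client_id") != client_id:
        raise ValueError("token metadata belongs to a different client_id")
    return {
        "user": data.get("user_name"),
        "name": f"{data.get('first_name', '')} {data.get('last_name', '')}".strip(),
        "scopes": set(data.get("scope", [])),
        "authorities": set(data.get("authorities", [])),
        # Keyed by customer id so a lookup by id is direct.
        "customers": {c["id"]: c for c in data.get("customers", [])},
    }


def may_write(profile: dict) -> bool:
    """True when the token carries the WRITE scope."""
    return "WRITE" in profile["scopes"]


if __name__ == "__main__":
    req = build_check_token_request("0a448854c90376777bedb88f7b42da82",
                                    "CLIENT-SECRET-PLACEHOLDER",
                                    "b217abe7-792d-45f1-a91a-17db5f436410")
    print(req.get_method(), req.full_url, req.data)
    profile = parse_check_token_response(SAMPLE_RESPONSE, "0a448854c90376777bedb88f7b42da82")
    print(profile["user"], sorted(profile["customers"]), may_write(profile))
```

To actually send the request, pass the `Request` to `urllib.request.urlopen` from your backend. Keep this call on the server: the client_secret is the credential that authenticates your application to Komet Sales, so it belongs in server configuration, never in page scripts or the redirect URI.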
Related Articles
- Order Cancellation Webhook (Knowledge Base)
- FMI Farms Integration (Knowledge Base)
- Settings (Knowledge Base)
- Getting Started (API)
- Data Import (Knowledge Base)