12 Single Sign On (SSO) using OAuth2 and OpenID Connect


This chapter covers

  • What is Single Sign On (SSO)
  • Applying OAuth2 and OpenID Connect

Suppose that over the years, Acme Inc. has experienced phenomenal growth, expanding both its business and customer base. As the company flourished, so did its number of employees and the demand for its services. Both employees and customers rely on various applications provided by the enterprise to interact with the company.

For an employee, managing a separate set of credentials for each application used throughout the workday is inconvenient and inefficient. Likewise, customers prefer the convenience of signing in with their existing social media credentials when accessing the Acme Inc. online store.

Simple applications may manage user credentials independently. However, as systems expand and become more complex, strategies for handling authentication and authorization must evolve accordingly. In this chapter, we will explore how large-scale systems implement authentication and authorization effectively.

Figure 12.1 illustrates Jeanny, an employee at Acme Inc.

Figure 12.1 Jeanny uses multiple apps as part of her daily work routine, requiring her to authenticate into each one individually every day.

12.1 Splitting security data management responsibilities

12.2 Using authentication flows

12.2.1 The authorization code grant type

12.2.2 What actually are the tokens?

12.2.3 The client credentials grant type

12.3 Applying OpenID Connect to Acme Inc.

12.4 Summary