SSO
The Djust SSO module enables integration with an external authentication system to allow users to securely log in to the Back Office (BO) and the Front Office Client (FOC).
Protocoles
The DJUST SSO module allows integration with external authentication systems to enable secure user login for both the Back Office (BO) and Front Office Client (FOC). It currently supports OpenID Connect (OIDC) with Google and Microsoft Azure.
This extended support enables seamless SSO integration with providers like Azure AD, Auth0, or Keycloak, as long as they are configured with the OIDC protocol.
Requirements
To successfully log in using SSO, a user must first exist on your platform. Even if authentication through OpenID Connect or OAuth2 succeeds, access to the Djust platform will be denied if the corresponding user is not registered in the BO.
Therefore, the user must exist as one of these user types:
- Internal User - For logging in as an Operator on the Back Office
- Supplier User - For logging in as a Supplier on the Back Office
- Customer User - For logging in as an Account on the Front Office Client
This ensures that identity verification is matched with platform-level permissions and configurations.
Using the SSO API
Please follow these steps in order to ensure proper usage of DJUST SSO module.
Step 1 - Getting all configured providers
GET /auth/sso/providers
HTTP Method GET
Path /auth/sso/providers
Request headers
| Header name | Value |
|---|---|
| dj-client | ACCOUNT, OPERATOR ou SUPPLIER |
| dj-api-key | string |
Response
[
{
"alias": "string",
"provider": "string"
}
]This endpoint returns the list of SSO identity providers configured for your platform. Djust supports multiple providers per tenant (e.g., Azure AD, Auth0, Keycloak), which allows different user groups or business units to authenticate using their respective systems.
The response is useful to know which providers you have at disposition and to display an explicit appropriate login button on your app.
Step 2 - Initializing the login flow
You'll now need to initialize the SSO login flow from a specific provider This action should generally be triggered when clicking on a provider's login button.
GET /auth/sso/init?kc_idp_hint=xxx&redirect_uri=xxx
HTTP Method GET
Path /auth/sso/init
Request headers
| Header name | Value |
|---|---|
| dj-client | ACCOUNT, OPERATOR ou SUPPLIER |
| dj-api-key | string |
Query parameters
| Header name | Type | Description |
|---|---|---|
kc_idp_hint | string | The provider's alias you got from step 1 |
redirect_uri | string | The URI to the page you'll want to be redirected to after the provider login operation. A dedicated login callback page URI is highly recommended here |
Response
No response body
Even though there is no body to the response, you will find the response header Location which contains the provider's URL you will need to redirect to.
Step 3 - Handling the provider's response and logging in
After the user's being logged using the provider's system, they will get redirected to the uri you passed as query parameter in step 2. This redirection will include a query params: code.
For example, if during Step 2, you did pass https://my-domain.com/auth/callback-page as redirect_uri; the actual redirection will be to https://my-domain.com/auth/callback-page?code=xxx
After successful authentication and redirection back to Djust, this endpoint is used to exchange the authorization code (provided by the identity provider) for a valid access token and refresh token. These tokens allow the user to access DJUST API securely.
POST /auth/sso/token
HTTP Method POST
Path /auth/sso/token
Request headers
| Header name | Example value |
|---|---|
| dj-client | ACCOUNT, OPERATOR ou SUPPLIER |
| dj-api-key | string |
Request body
{
"code": "string",
"redirectUri": "string" // Must be the same as you passed in Step 2
}
Response
{
"token":{
"accessToken":"string",
"expireAt":"number",
"refreshToken":"string"
},
"user":{
"id":"string"
}
}You now have the accessToken and refreshTokenthat are necessary to identify to the DJUST API.
Updated about 1 month ago