Single Sign On FAQ

Single Sign On FAQ

Last updated:October 29, 2024

We are excited to announce the upcoming launch of the new version of our Single Sign-On (SSO) service. This migration guide is specifically for customers with their own applications using our SSO. Follow the steps below to ensure a smooth transition.

Updated Endpoints

Please update your application to use the following new endpoints:
  • Authentication
    • From: /authentication/v1/authenticate
    • To: /sso/v2/authorize

  • Token Management
    • From: /authentication/v1/tokens
    • To: /sso/v2/token

  • User Information
    • From: /authentication/v1/users
    • To: /sso/v2/userinfo

  • Logout
    • From: /authentication/v1/logout
    • To: /sso/v2/logout

  • Session Tracker
    • From: /authentication/v1/sessionTracker/oasm.js
    • To: /sso/sessionTracker/oasm.js

Authorization Request Parameters

When making an authorization request to /sso/v2/authorize, please include the following parameters:
  • scope: Specifies the access privileges. For OpenID Connect, use:
    • openid: Indicates the use of the OpenID Connect protocol to verify the user’s identity
    • profile: Requests additional profile information such as name and preferred_username (email).
  • login_hint: (Recommended) Customizes the login prompt UI based on the CSS/JS styling set up at the indicated entity id.
Scope Parameter: Use space-separated values (e.g., scope=openid profile) to request OpenID Connect and profile information.
Consent Requirement: Users must consent during login if the profile scope requests Personal Identifiable Information like name and username (email).

User Info Response Parameters

When making a user information request to /sso/v2/userinfo, please note the change in the attached_to response parameter:
  • Previous Format:
    {
      "attached_to":[
    	{
    	  "id":"/PSPName",
    	  "type":"[name: PSP, value: 0]"
    	},
    	{
    	  "path":"/PSPName/DivisionName/MerchantName",
    	  "type":"[name: Merchant, value: 0]"
    	}
      ]
    }
  • Updated Format:
    {
      "attached_to":[
    	{
    	  "path":"/PSPName",
    	  "level":"PSP",
    	  "entityId":"[entity id]"
    	},
    	{
    	  "path":"/PSPName/DivisionName/MerchantName",
    	  "level":"MERCHANT",
    	  "entityId":"[entity id]"
    	}
      ]
    }

See also