Versions Compared

Old Version 1

changes.mady.by.user Stephen Day

Saved on

compared with

New Version 6

changes.mady.by.user John West

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The SSO functionality that is built into MaverickCRM™ AlloraCRM™ is designed to allow 3rd party sites to integrate guest login capabilities for use within the hoteliers website or mobile App and for a seamless transition between sites such as Booking Engine, Content Website and Guest Portal. Single Sign On (SSO) is compliant with OpenID Connect, using a standard Authorization Code Flow with PKCE and the associated tool is built using .net MVC as sample client application. However the client can be build using any OAuth Client SDK for your technology stack using the Authorization Code Flow with PKCE.

General Flow

  1. The user clicks Login within the application.

  2. Your OAuth Client SDK creates a cryptographically-random code_verifier and from this generates a code_challenge.

  3. Your OAuth Client SDK redirects the user to the

...

  1. AlloraCRM™ Identity Server (/authorize endpoint) along with the code_challenge.

  2. The

...

  1. AlloraCRM™ Identity Server redirects the user to the login and authorization prompt.

  2. The user authenticates using one of the configured login options and may see a consent page listing the permissions Your OAuth Client SDK will give to the application.

  3. The

...

  1. AlloraCRM™ Identity Server stores the code_challenge and redirects the user back to the application with an authorization code, which is good for one use.

  2. Your OAuth Client SDK sends this code and the code_verifier (created in step 2) to the

...

  1. AlloraCRM™ Identity Server (/

...

  1. token endpoint).

  2. The

...

  1. AlloraCRM™ Identity Server verifies the code_challenge and code_verifier.

  2. The

...

  1. AlloraCRM™ Identity Server responds with an ID Token and Access

...

  1. Token.

  2. The ID Token contains a custom claim for AlloraCRM™ playerID

  3. Your application can use the playerID and the Access Token to call

...

  1. AlloraCRM™ API(s) to access information about the user.

  2. The API responds with requested data.

Sample MVC Application

Initial view before Guest logs in:

...

Profile information page:

...

...

The sample code for the application described above can be found here.

 

Page Properties
hiddentrue

Method

n/a

Summary

Getting Started - Introduction

Allora™ CRM SSO Details

Revision

v1.0