...
The SSO functionality that is built into MaverickCRM™ SHR CRM™ is designed to allow 3rd party sites to integrate guest login capabilities for use within the hoteliers website or mobile App and for a seamless transition between sites such as Booking Engine, Content Website and Guest Portal. Single Sign On (SSO) is compliant with OpenID Connect, using a standard Authorization Code Flow with PKCE and the associated tool is built using .net MVC as sample client application. However the client can be build using any OAuth Client SDK for your technology stack using the Authorization Code Flow with PKCE.
General Flow
The user clicks Login within the application.
Your OAuth Client SDK creates a cryptographically-random
code_verifier
and from this generates acode_challenge
.Your OAuth Client SDK redirects the user to the
...
SHR CRM™ Identity Server (
/authorize
endpoint) along with thecode_challenge
.The
...
SHR CRM™ Identity Server redirects the user to the login and authorization prompt.
The user authenticates using one of the configured login options and may see a consent page listing the permissions Your OAuth Client SDK will give to the application.
The
...
SHR CRM™ Identity Server stores the
code_challenge
and redirects the user back to the application with an authorizationcode
, which is good for one use.Your OAuth Client SDK sends this
code
and thecode_verifier
(created in step 2) to the
...
SHR CRM™ Identity Server
(/token
endpoint).The
...
SHR CRM™ Identity Server verifies the
code_challenge
andcode_verifier
.The
...
SHR CRM™ Identity Server responds with an ID Token and Access Token.
The ID Token contains a custom claim for
...
SHR CRM™
playerID
Your application can use the
playerID
and the Access Token to call
...
SHR CRM™ API(s) to access information about the user.
The API responds with requested data.
Sample MVC Application
Initial view before Guest logs in:
...
Page Properties | ||||||
---|---|---|---|---|---|---|
| ||||||
|