Authentication
Participating partners will be obligated to provide external URL(s) for the service utilizing SSO. These will be granted as part of the certification process and added to the application for allowing access.
How It Works
The SSO functionality that is built into MaverickCRM™ is designed to allow 3rd party sites to integrate guest login capabilities for use within the hoteliers website or mobile App and for a seamless transition between sites such as Booking Engine, Content Website and Guest Portal. Single Sign On (SSO) is compliant with OpenID Connect, using a standard Authorization Code Flow and the associated tool is built using .net MVC.
General Flow
The user clicks Login within the application.
Your OAuth Client SDK creates a cryptographically-random
code_verifierand from this generates acode_challenge.Your OAuth Client SDK redirects the user to the MaverickCRM™ Identity Server (
/authorizeendpoint) along with thecode_challenge.The MaverickCRM™ Identity Server redirects the user to the login and authorization prompt.
The user authenticates using one of the configured login options and may see a consent page listing the permissions Your OAuth Client SDK will give to the application.
The MaverickCRM™ Identity Server stores the
code_challengeand redirects the user back to the application with an authorizationcode, which is good for one use.Your OAuth Client SDK sends this
codeand thecode_verifier(created in step 2) to the MaverickCRM™ Identity Server(/oauth/tokenendpoint).The MaverickCRM™ Identity Server verifies the
code_challengeandcode_verifier.The MaverickCRM™ Identity Server responds with an ID Token and Access Token (and optionally, a Refresh Token).
Your application can use the Access Token to call a the MaverickCRM™ API to access information about the user.
The API responds with requested data.
Sample MVC Application
Initial view before Guest logs in:
View after Guest logs in:
Profile information page:
