Hi Jolly,

OAuth is used for delegation of authorization. This means that you
grant authorization to a third party (which we'll call "Client") to
access your resources on a "Resource Server" (the website on which you
are connected) on behalf of the resource owner (you).
So here you are talking about SSO functionality. You are talking about
authentication, not authorization. It's not the same thing. SAML is made
for this purpose (or Shibboleth, OpenID, etc.). But you can make something
with OAuth.

Here is a solution...

Imagine that the "ResourceServer" provides a service which returns a
unique identifier corresponding to the authenticated user (for example id =
www.facebook.jolly.trivelly).
This unique identifier will be used to identify your user on each website
you want to be authenticated in (it could be the primary key in your SQL
database, for example, or 'login/password', but I don't recommend sharing
login/password between websites (for security considerations, evolution
of credentials management, etc.)).

When you click on the button of the "Client" in order to be authenticated,
it generates a request from "Client" to "ResourceServer". It opens a popup
which says "Do you accept that "Client" accesses your private data on
"ResourceServer"?" And you answer "yes". It generates OAuth exchanges and
finally you get an OAuth AccessToken that you can use to retrieve the
unique identifier. When you have it, you have to search for it in your SQL
database and load the account it corresponds to.

Note : If you use this unique identifier, you do have (the first time) to
associate both accounts, so you'll have to authenticate on both sites to
make this association.

Example :
ResourceServer Database (central database) :
- username : Jolly Trivelly
- uniqueid : www.facebook.jolly.trivelly
- login : jtrivelly
- password : toto

Client Database (server on which you want to be authenticated) :
- username : Jolly Trivelly
- uniqueid : www.facebook.jolly.trivelly
- login : jtrivelly2
- password : tata
I know, I changed the credentials... it's just to show that using a uniqueid
is a good practice to manage SSO.

Use Case (user is not authenticated on Resource Server) :
- Client : Hello Resource Server, can you give me the unique-id of the
authenticated user?
- Resource Server : No authenticated user, I'm sorry.
(an authentication window from the authentication server opens and you type
your ResourceServer credentials)
- Resource Server : "User, tell me if you authorize Client to retrieve your
unique identifier"
- You : "yes"
- Client : "OK, can you give me an AccessToken in order to retrieve the
unique-id?"
- Resource Server : "No problem, you are authorized now"
- Client : I can now retrieve the unique identifier!
- Client : The unique identifier is 'www.facebook.jolly.trivelly'! It
corresponds to jtrivelly2. I just have to load its account now.
- You : I'm authenticated!

Use Case (user is authenticated on Resource Server) :
- Client : Hello Resource Server, can you give me the unique-id of the
authenticated user?
- Resource Server : "User, tell me if you authorize Client to retrieve your
unique identifier"
- You : "yes"
- Client : "OK, can you give me an AccessToken in order to retrieve the
unique-id?"
- Resource Server : "No problem, you are authorized now"
- Client : I can now retrieve the unique identifier!
- Client : The unique identifier is 'www.facebook.jolly.trivelly'! It
corresponds to jtrivelly2. I just have to load its account now.
- You : I'm authenticated!

Limitations : you have only one login/password on the ResourceServer (a kind
of IdentityProvider). So you can only authenticate from this central website
(Resource Server) to another website (the opposite is not true).

Bye
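The Client-side lookup described above (access token -> unique identifier -> local account, with the first-time association), as an added Python example that is not part of this thread. The Resource Server's identifier endpoint is simulated by an in-memory token table and the Client database by SQLite, both constructed for the example.

```python
import sqlite3

# Constructed stand-in for the Resource Server's "unique identifier" service:
# maps an OAuth access token to the identifier of the user who approved it.
# A real Client would call the Resource Server over HTTPS with the token.
RESOURCE_SERVER_TOKENS = {
    "tok-abc123": "www.facebook.jolly.trivelly",
    "tok-def456": "www.facebook.new.user",
}


def fetch_unique_id(access_token):
    """Ask the Resource Server which user the access token belongs to."""
    return RESOURCE_SERVER_TOKENS.get(access_token)  # None if token unknown


def init_client_db():
    """Client database: local accounts plus the uniqueid association."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, "
               "login TEXT UNIQUE, uniqueid TEXT UNIQUE)")
    db.execute("INSERT INTO accounts (login, uniqueid) "
               "VALUES ('jtrivelly2', 'www.facebook.jolly.trivelly')")
    db.execute("INSERT INTO accounts (login, uniqueid) VALUES ('newuser', NULL)")
    return db


def sso_login(db, access_token):
    """Return (status, detail) for an SSO attempt with the given token.

    The identifier is only ever obtained from the Resource Server through the
    access token; it is never accepted from the browser or the URL."""
    uid = fetch_unique_id(access_token)
    if uid is None:
        return ("denied", None)
    row = db.execute("SELECT login FROM accounts WHERE uniqueid = ?",
                     (uid,)).fetchone()
    if row is None:
        # First visit: the user must log in locally and link the accounts.
        return ("link_required", uid)
    return ("authenticated", row[0])


def link_account(db, local_login, uid):
    """Associate a local account (after a local login) with the unique id.
    Only an account that is not yet linked can be associated."""
    cur = db.execute("UPDATE accounts SET uniqueid = ? "
                     "WHERE login = ? AND uniqueid IS NULL", (uid, local_login))
    db.commit()
    return cur.rowcount == 1
```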

2013/2/18 Jolly Trivedi <jolly.triv...@gmail.com>

> Can we use OAuth Provider for Single Sign On using the local SQL Database?
> OR
> I have a site with one user logged in. Now on click of button on this
> site, I want to redirect to another site using the same credentials i.e.
> Single Sign On feature. Is it possible using Auth Provider?
>
> Please guide me..
>
> --
> You received this message because you are subscribed to the Google Groups
> "OAuth" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to oauth+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
