Intuizi Documentation

Single Sign On (SSO)

Intuizi fully supports Single Sign-On (SSO) with OAuth 2.0.

Introduction

OAuth does not share password data. Instead, it uses authorization tokens to prove an identity between consumers/clients and service providers. In general, OAuth is a protocol that lets a client obtain a token and use it to make authorized requests on behalf of a user, without the username and/or password being exchanged or exposed.

OAuth 2.0 is not the same as OAuth 1.0. OAuth 2.0 relies on TLS/SSL connections for communication security, whereas OAuth 1.0 relies on complicated request signing and can be used over non-secure connections.

Creating an App

Intuizi uses the OAuth 2.0 authorization code grant: after the user authorizes an app, the app exchanges an authorization code for an access token.

To get started, register your app on Intuizi Console by sending a request to your account manager with the following information:

  • App Name
  • Redirect URL
    The redirect URL is where the user will be redirected after approving or denying a request for authorization.

Once your request has been approved, you will be issued a client ID and client secret. Your application will use these values to request access tokens.

Authorization

Once your app is created, you may use your client ID and secret to request an authorization code and access tokens from Intuizi Console.

The Authorization Code grant type is a two-part process: an authorization code must be requested and then exchanged for an access token.

Auth Code

Request

GET
https://console.intuizi.com/oauth/authorize
  • client_id (required) – The client ID making the request
  • redirect_uri (optional|required) – The URL to redirect back to.
  • response_type (required) – Must be set to “code”
  • scope (optional) – Space delimited scope
  • state (optional) – Client generated CSRF token. This value will be passed back to the client.


Response

  • code (string) – The authorization code.
  • state (mixed) – If a state parameter was supplied in the request, it is returned.

Access Token

Once you have successfully obtained the authorization code, you must make another request to obtain the access token.

Request:

POST
https://console.intuizi.com/oauth/token
  • grant_type – authorization_code
  • code (required) – The auth code returned from the previous request
  • client_id (required) – The client id
  • client_secret (required) – The client secret
  • redirect_uri (optional|required) – URL to redirect the user back to


Response

The response will be in JSON format

  • access_token – The access token
  • expires_in – Lifetime of the access token, in seconds from the current time
  • scope – The scopes authorized for this access token
  • refresh_token – The refresh token
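
The two requests above, from the client's side, with the state check a client should perform before spending the code. This is an added example, not Intuizi's own code. The function names are hypothetical, and it assumes the token endpoint accepts form-encoded POST parameters as in RFC 6749.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs
from urllib.request import Request

AUTHORIZE_URL = "https://console.intuizi.com/oauth/authorize"
TOKEN_URL = "https://console.intuizi.com/oauth/token"


def build_authorize_url(client_id, redirect_uri, scope=None):
    """Return (url, state). Store state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    params = {"client_id": client_id, "redirect_uri": redirect_uri,
              "response_type": "code", "state": state}
    if scope:
        params["scope"] = scope  # space-delimited
    return AUTHORIZE_URL + "?" + urlencode(params), state


def code_from_callback(callback_url, expected_state):
    """Validate the redirect back to the app and return the authorization code."""
    query = parse_qs(urlsplit(callback_url).query)
    returned = query.get("state", [""])[0]
    # Reject the callback unless state matches the value issued for this session.
    if not expected_state or not hmac.compare_digest(
            returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this callback")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("callback does not carry exactly one code")
    return codes[0]


def build_token_request(code, client_id, client_secret, redirect_uri):
    """Build the code-for-token POST; send it with urllib.request.urlopen."""
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "client_id": client_id, "client_secret": client_secret,
                      "redirect_uri": redirect_uri}).encode()
    # The secret goes in the POST body over HTTPS, from the server only,
    # never in a URL or in browser-side code.
    return Request(TOKEN_URL, data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})
```

Send the same redirect_uri in both requests, and delete the stored state once a callback has been accepted or rejected so it cannot be replayed.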

User Information

To retrieve user information by the access token:

Request:

GET
https://console.intuizi.com/api/user/info
  • access_token (required) – Valid access token


Response

The response will be in JSON format

  • id – User Identifier
  • first_name – User first name
  • last_name – User last name
  • email – User email