This document outlines the steps required for a product to onboard and utilize the Cross Application Single Sign-On (SSO) feature provided by Harmony Auth. Cross App SSO allows users to seamlessly authenticate across multiple applications within the same ecosystem without needing to log in separately for each application.
Client credentials are needed for system-to-system (s2s) authentication from Harmony Auth to your product, so that Harmony Auth can invoke your product's /authorize endpoint. Provide Platform Services with the client credentials so we can generate a token before invoking your product's /authorize endpoint.
This endpoint will be called by Harmony Auth to authorize the authenticated user for your specific product. Your product must implement an /authorize endpoint with the following structure:
POST
Content-Type: application/x-www-form-urlencoded
Authorization: Bearer <access_token>

The request body should be form URL-encoded and contain the fields defined in ProductSpecificAuthorizeRequest.
Your endpoint should return a JSON response containing the fields defined in ProductSpecificAuthorizeResponse. Example request and response:

Example request:

POST /authorize
Content-Type: application/x-www-form-urlencoded
Authorization: Bearer <access_token>

userId=user123&userEmail=user123@districtDomain.com&tenantId=tenant123

Example response:

{
  "isAuthorized": true,
  "customClaims": {
    "idToken": {
      "role": ["admin", "user"],
      "department": ["sales"]
    },
    "accessToken": {
      "permissions": ["read", "write"]
    }
  }
}
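As an added illustration (not Harmony Auth's or Platform Services' code), here is a minimal product-side handler for the /authorize contract above, written in Python with only the standard library. The s2s token value, the entitlement table and the header/body framing are constructed assumptions; a real product validates the bearer token's signature, issuer, audience and expiry rather than comparing it against a constant.

```python
import hmac
from urllib.parse import parse_qs

# Constructed placeholder for the s2s bearer token Harmony Auth presents after
# Platform Services obtains it with the client credentials you shared. A real
# product must validate signature, issuer, audience and expiry instead.
EXPECTED_S2S_TOKEN = "s2s-token-placeholder"
FORM_CONTENT_TYPE = "application/x-www-form-urlencoded"
REQUIRED_FIELDS = ("userId", "userEmail", "tenantId")

# Constructed sample of product-side entitlements keyed by (tenantId, userId).
ENTITLEMENTS = {
    ("tenant123", "user123"): {
        "idToken": {"role": ["admin", "user"], "department": ["sales"]},
        "accessToken": {"permissions": ["read", "write"]},
    },
}


def handle_authorize(headers, body):
    """Handle POST /authorize; return (http_status, json_body).

    headers: dict of request headers; body: raw form-urlencoded string.
    """
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    # Reject before reading the body unless the s2s token is valid;
    # compare_digest keeps the comparison constant-time.
    if scheme != "Bearer" or not hmac.compare_digest(
        token.encode(), EXPECTED_S2S_TOKEN.encode()
    ):
        return 401, {"error": "invalid_token"}
    media_type = headers.get("Content-Type", "").split(";")[0].strip()
    if media_type != FORM_CONTENT_TYPE:
        return 415, {"error": "unsupported_media_type"}

    fields = parse_qs(body, keep_blank_values=True)
    # Every required field must appear exactly once and be non-empty;
    # a repeated key is treated as malformed rather than "last one wins".
    for name in REQUIRED_FIELDS:
        values = fields.get(name, [])
        if len(values) != 1 or not values[0]:
            return 400, {"error": "bad_field", "field": name}

    claims = ENTITLEMENTS.get((fields["tenantId"][0], fields["userId"][0]))
    # An unknown user/tenant pair is a well-formed "not authorized" answer,
    # not a transport error. Empty customClaims on denial is an assumption.
    if claims is None:
        return 200, {"isAuthorized": False, "customClaims": {}}
    return 200, {"isAuthorized": True, "customClaims": claims}
```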
Share the following details with Platform Services to complete the onboarding process:

- /authorize endpoint

Once the above steps are completed, Platform Services will test the integration to ensure that:

- the /authorize endpoint is reachable and responds correctly
- the response matches the ProductSpecificAuthorizeResponse interface