3. Grip SSO Option (Proprietary)

3. Grip SSO Option (Proprietary)

This document will highlight all process flow for two SSO scenarios when integrated and what you need to ask the clients for and also what you need to agree.

There are two scenarios that we will use for this SSO integration; Passthrough and Direct Login Flow.

Below is a quick overview of each process alongside an attached flow diagram.

Passthrough Login Flow:

  1. User-->Client Website: Signin
  2. Client Website-->Client SSO: Login on Client
  3. Client SSO-->Client Website: OK
  4. Client Website-->Client Website: Show Link to Grip Web with a user specific token e.g. "ABCDEFG"
  5. User-->Client Website: Click Link with that token in URL
  6. User-->Grip Web: Redirected to Grip Web
  7. Grip Web-->Grip API: Check token "ABCDEFG"
  8. Grip API-->Client SSO: Check token "ABCDEFG"
  9. Client SSO-->Grip API: Valid token for Reg ID "123456"
  10. Grip API-->Grip API: Login on Grip with Reg ID "123456"
  11. Grip API-->Grip Web: OK
  12. Grip Web-->User: Show Web Networking

Direct Login Flow

  1. User-->Grip Web: Login
  2. Grip Web-->Grip API: Login
  3. Grip API-->Client SSO: Login with email/password
  4. Client SSO-->Grip API: Valid token for Reg ID "123456"
  5. Grip API-->Grip API: Login on Grip with Reg ID "123456"
  6. Grip API-->Grip Web: OK
  7. Grip Web-->User: Show Web Networking

GRIP Requirements

Requirements for Passthrough: 

Grip needs to be able to identify each user as well as the event the user is attempting to log in to.

  • 1. Client and Grip need to agree on a new Grip Web Networking URL e.g. <xxxpass">https://matchmatching.grip.events/EVENTNAME/<XXXpass></xxxpass">
  • 2. Client to decide what the token (this can be a token that is short lived) is and add it to Grip's web networking URL as a query parameter for successful sign in on Client Website
  • 3. Client to inform Grip how we can check the validity of said token
  • 4. Client to inform Grip which token matches which registration ID for their event

Requirements for Direct Login Flow: 

Grip needs to be able to identify each user as well as the event the user is attempting to log in to.

  • 1. Client to inform Grip how we can check the validity of user login credentials
  • 2. Client to inform Grip which registration ID matches which login credentials for their event.

Flow Diagram of Client SSO Options: