Forum Discussion

raguv12ps
3 years ago

Use Khoros as IDP

We have third-party software and want to set up a login option to have Khoros community as an IDP provider similar to Google or Facebook.

Do we have this feature to use Khoros as an IDP provider by any means (OAuth2, SAML, etc.)?

  • AdamN
    Khoros Oracle

    raguv12ps Although it's not necessarily the intent to have Community serve as a full-fledged IDP, you could use the OAuth 2.0 authorization grant flow to provide authorization from Community to some other external service. The main gap would be with user attributes, but you could use the access token you obtain to make additional API calls to obtain things like e-mail address, first name, last name, etc.
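
The relying application's side of the flow described in this reply, as an added example (not part of the thread and not Khoros code). The endpoint URL, client id, redirect URI and the profile field names are hypothetical placeholders; the token exchange and the user API call are left to the real API documentation.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical placeholders; take real endpoint paths from your Community's API docs.
AUTHORIZE_URL = "https://community.example.com/PLACEHOLDER/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.com/oauth/callback"


def begin_login(session):
    """Start the authorization code grant and bind a random state to this session."""
    session["oauth_state"] = secrets.token_urlsafe(32)
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "state": session["oauth_state"]})
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session, callback_url):
    """Return the authorization code only if state matches this session (single use)."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # pop so a replayed callback fails
    received = params.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback does not belong to this login")
    if "error" in params or not params.get("code"):
        raise ValueError("authorization was denied or returned no code")
    return params["code"][0]


# Server side, between these steps: exchange the code for an access token, then
# call the user API with that token. No JWT comes back, so the API response is
# the only source of user attributes.

def local_identity(profile):
    """Map the fetched profile (assumed field names) to a local login identity."""
    user_id = profile.get("id")
    if user_id in (None, ""):
        raise ValueError("profile has no stable user id")
    # Key the account on the stable id; e-mail and names are display data
    # that can change, so they must not decide which local account is opened.
    return {"subject": f"community:{user_id}",
            "email": (profile.get("email") or "").strip().lower(),
            "name": " ".join(p for p in (profile.get("first_name"),
                                          profile.get("last_name")) if p)}
```

Keep the access token on the server and never hand it to the browser, since it grants API access beyond sign-in.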

  • Thanks for the response StanGromer, I will look into it.


    What is confusing is, Khoros has an OAuth2.0 grant flow mentioned in their docs for API access using access tokens, which seems similar to standard Google OAuth2.0 flow for third party apps.

    The problem is I'm not sure if we can use this as an IDP. I might be missing something though.

  • Thanks AdamN for the clarification.
    Since Khoros doesn't return a JWT with user data, I was actually thinking of something along the same lines, to fetch user attributes with the access token.

    It's an internal organization team, so I think I'm good with providing wider access to data in terms of API.
    Might be a concern for other third party apps.

  • No, Community (Khoros) only acts as a service provider. You'd have to use something like Okta and have Khoros as an app behind it.