Cross-platform third-party platform login and single sign-on

Official introduction:
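Single sign-on (SSO) is one of the more popular solutions for integrating enterprise business systems. SSO is defined as follows: across multiple application systems, a user needs to log in only once to access all of the mutually trusting application systems.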
Personal understanding:
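 For single sign-on and third-party platform login, I still prefer to remember them in terms of my own understanding:
   Single sign-on: going from platform A to system B via a link, with the login step skipped in between.
   Third-party login: entering system A from platform A through platform B's login. Platform A's direct login is skipped, and platform B's user authentication is used.
   In terms of the implementation flow, "third-party login" actually includes the "single sign-on" flow.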

Case realization:

Platforms AAA and BBB implement third-party platform login and single sign-on between them. The requirements are as follows:

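 (1) From the AAA platform login page, use "third-party platform login" to go to the BBB platform login page; after a successful login, enter the AAA platform.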

 (2) From content on the BBB platform, click the aaa link to go directly into the AAA platform.

In fact, requirement (1) already covers the function of (2), except that a user login step is needed in the middle. This article mainly takes (1) as an example.

Functional Analysis:

  1. Click the "BBB platform login" logo to go to the login page, then enter the user name and password to log in. This step uses the BBB platform's user authentication.
  2. After login authentication succeeds, the user must be redirected to an AAA platform page. For this, the AAA platform needs to provide a callback address that the BBB platform redirects to once authentication has passed.
  3. After arriving at the AAA platform, the user must enter the system through the AAA platform's own user authentication.

The above are the three core business processes, but other factors must be built into the implementation: security, user authentication, and so on.
For example:
1. The AAA and BBB platforms each have their own user authentication system, and sharing user permissions between them is not recommended, because it leads to cross-authority access;
2. Information is exchanged between the two platforms, and if security is not handled well, platform data is prone to problems.

Function and process design:

Implementing the function requires cooperation between the two platforms. First: the AAA platform system requests system resources from the BBB platform (user information in this example).
Second: The BBB system needs to process the resource information after it gets the resource.

BBB platform work:
1. Require the AAA platform to provide a callback address.
2. Provide APIs, such as the one for requesting resources, to the AAA platform. In this process information cannot be handed over directly; a token is required, to ensure system data security.
The process is as follows:
AAA platform work:

  • After the AAA platform obtains the token, it obtains the user information from the BBB platform. At this point it is generally necessary to establish an association between that BBB user and a user of the AAA system. This serves two purposes: 1. The next login can proceed directly, without repeating the step of establishing the association. 2. The user information of the AAA system can be extracted and used for user authentication in the AAA system.

The remaining work is mainly the AAA platform's own authentication system; the core business process is the authentication process on the BBB platform.
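
The flow designed above, as an added example that is not the author's code: BBB issues a short-lived signed token only for the registered callback, releases user information only against a valid token, and AAA maps the BBB user to a local account instead of sharing permissions. It uses a hand-built HS256 token from the Python standard library rather than the JWT library and Spring Security the author mentions; every name, key, URL and user id is constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values; every name here is hypothetical.
BBB_KEY = b"demo-signing-key-known-only-to-BBB"
REGISTERED_CALLBACK = {"aaa": "https://aaa.example/sso/callback"}  # supplied by AAA
AAA_LINKS = {"bbb-1001": "aaa-user-7"}  # AAA's BBB-user -> local-user association

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(BBB_KEY, signing_input.encode(), hashlib.sha256).digest())

def bbb_issue_token(client_id, callback, bbb_user, now=None, ttl=60):
    """BBB: after its own login succeeds, issue a short-lived token for AAA."""
    if REGISTERED_CALLBACK.get(client_id) != callback:
        raise ValueError("callback is not the address registered for this client")
    now = int(time.time()) if now is None else now
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": bbb_user, "aud": client_id, "exp": now + ttl}).encode())
    return f"{head}.{body}.{_sign(head + '.' + body)}"

def bbb_user_info(token, client_id, now=None):
    """BBB: user-info API. Releases data only for a valid, unexpired token."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        # Constant-time comparison against a freshly computed signature.
        if not hmac.compare_digest(sig, _sign(f"{head}.{body}")):
            raise ValueError("bad signature")
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except (ValueError, TypeError) as exc:
        raise PermissionError("invalid token") from exc
    if claims["aud"] != client_id or claims["exp"] <= now:
        raise PermissionError("token expired or issued to another client")
    return {"bbb_user": claims["sub"]}

def aaa_callback(token, now=None):
    """AAA: resolve the BBB identity to a local account; AAA's own roles apply."""
    info = bbb_user_info(token, "aaa", now)
    local = AAA_LINKS.get(info["bbb_user"])
    if local is None:
        # First visit: the user must establish the association before logging in.
        return {"status": "link_required", "bbb_user": info["bbb_user"]}
    return {"status": "ok", "aaa_user": local}
```

The signing key stays on the BBB side, so AAA never validates tokens itself; it only learns the BBB user id and then applies its own authentication to the linked local account.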

This article describes just this much; there are many more details, and you can leave a message if you are interested in discussing them. The above expresses only my personal understanding and approach. JWT (token generation, encryption and parsing) and Spring Security (user authentication) are used in the implementation.

Origin blog.csdn.net/qq_31142237/article/details/109292569