Single Sign-On (SSO) Integration Guide

Registration Process

To begin the integration process, third-party applications must register their account by sending an email to support@xeople with the following details:

• Company Name
• Contact Person Name
• Contact Email
• Application Name
• Return URL (Redirect URI)

Upon successful registration, a Client ID and Secret Key will be generated and shared with the requester via the provided email.

Authentication Flow

1. Obtain Client Credentials
   • After registration, you will receive a Client ID and Secret Key.
2. Redirect User to Authorisation Endpoint
   • Send users to the following authorisation URL:
     https://auth.xeople.com/authorize?client_id={CLIENT_ID}&redirect_uri={RETURN_URL}&response_type=code&scope=openid profile email.
3. User Authentication
   • The user logs in using their credentials.
4. Authorisation Code Exchange
   • Upon successful authentication, the authorisation server redirects the user back to your Return URL with an authorisation code.
5. Obtain Access Token
   • Exchange the authorisation code for an access token by making a POST request to the token endpoint:
     POST https://auth.xeople.com/token.
     • Headers:
       • Content-Type: application/x-www-form-urlencoded
     • Body:
       • grant_type=authorization_code
       • code={AUTHORIZATION_CODE}
       • client_id={CLIENT_ID}
       • client_secret={CLIENT_SECRET}
       • redirect_uri={RETURN_URL}
6. Access Protected Resources
   • Use the access token to make authenticated requests to the API.
   • Include the token in the Authorisation header: Authorization: Bearer {ACCESS_TOKEN}.

Token Expiry & Refresh

• Access tokens have a limited validity period.
• To refresh the token, use the refresh token grant: POST https://auth.xeople.com/token.
  • Body:
    • grant_type=refresh_token
    • refresh_token={REFRESH_TOKEN}
    • client_id={CLIENT_ID}
    • client_secret={CLIENT_SECRET}

Support

For any queries or technical assistance, contact support@xeople.