Authenticating with Microsoft or Google

Users are authenticated by the GSS application using an implementation of IdentityServer.

IdentityServer is an open-source framework for implementing authentication and authorization in modern web applications. It supports various protocols, such as OAuth 2.0 and OpenID Connect, which are standards for secure authentication and authorization.

Here’s a breakdown of how IdentityServer works with Microsoft or Google authentication, using Azure AD or Google as the external identity provider (IdP):

  1. The user login process initiates at identity.gosweetspot.com 

    1. It supports multiple authentication mechanisms
      1. Username (email) and password
      2. Microsoft Authentication
      3. Google Authentication
  2. Microsoft or Google Authentication

    1. Microsoft Authentication - Redirect to Azure AD
      1. Once the user selects Microsoft Authentication (Azure AD), IdentityServer redirects the user to Azure AD's login page (for example, a Microsoft login page or an enterprise login page).
      2. If the user is already authenticated with Microsoft, Azure AD will handle this without requiring further interaction. If the user is not logged in, they will be prompted to authenticate.
      3. Azure AD authenticates the user (via username/password, Multi-Factor Authentication (MFA), etc.).
      4. Azure AD then sends an authorization code to IdentityServer (via the redirect URI).
    2. Google Authentication
      1. Once the user selects Google Authentication, IdentityServer redirects the user to Google's login page.
      2. If the user is already authenticated with Google, Google will handle this without requiring further interaction. If the user is not logged in, they will be prompted to authenticate.
      3. Google authenticates the user (via username/password, Multi-Factor Authentication (MFA), etc.).
      4. Google then sends an authorization code to IdentityServer (via the redirect URI).
    3. IdentityServer Processes Authorization Code

      1. IdentityServer receives the authorization code from Azure AD or Google and exchanges it for an access token and an ID token from that same provider.
      2. The ID token contains information about the authenticated user, such as their name, email, and other attributes (claims).
      3. IdentityServer validates the ID token to ensure it was issued by the expected provider for this application and has not been tampered with.
    4. IdentityServer Issues Tokens

      1. IdentityServer can then issue an access token or ID token to the client application, allowing the user to access protected resources.
      2. The access token is used to authorize the user to interact with APIs or services, while the ID token is used for authentication purposes and contains user identity information.
    5. User Accesses Protected Resources

      1. The user now has authenticated access to the application and any other services that accept the IdentityServer-issued tokens.