Examples
Integration examples and code samples

Common Use Cases

Enterprise SSO
Single Sign-On for multiple internal applications using SAML 2.0.
Large organization with multiple web applications that need centralized authentication.

Mobile App Authentication
OAuth 2.0 / OpenID Connect integration for mobile applications.
Mobile apps that require secure token-based authentication with refresh tokens.

SaaS Integration
Federated authentication with cloud service providers.
Connect corporate identity to Salesforce, Google Workspace, Microsoft 365.

API Gateway Protection
Securing APIs with OAuth 2.0 token validation.
Microservices architecture that requires centralized API authentication.

SAML 2.0 Service Provider Example
Configure a SAML 2.0 Service Provider for your application:

<!-- SAML SP Metadata -->
<EntityDescriptor entityID="https://app.example.com/saml/metadata"
                  xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <SPSSODescriptor
      AuthnRequestsSigned="true"
      WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <!-- AuthnRequestsSigned="true": publish the SP signing certificate in a
         <KeyDescriptor use="signing"> element here so the IdP can verify requests. -->
    <!-- Element order follows the SAML metadata schema:
         SingleLogoutService, then NameIDFormat, then AssertionConsumerService. -->
    <SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://app.example.com/saml/slo"/>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://app.example.com/saml/acs"
        index="0"/>
  </SPSSODescriptor>
</EntityDescriptor>

OAuth 2.0 / OpenID Connect Example
Authorization Code Flow (with PKCE)

// Step 1: Generate code verifier and challenge
// generateRandomString, sha256 and base64UrlEncode are helpers your application must provide.
// The verifier must be 43-128 characters from [A-Za-z0-9-._~]; sha256 must return the raw digest bytes.
const codeVerifier = generateRandomString(128);
const codeChallenge = base64UrlEncode(sha256(codeVerifier));
// Keep codeVerifier available after the redirect (for example in sessionStorage);
// step 3 sends it to the token endpoint.

// Step 2: Redirect to authorization endpoint
const authUrl = new URL('https://idp.example.com/josso/oauth2/authorize');
authUrl.searchParams.set('client_id', 'your-client-id');
authUrl.searchParams.set('redirect_uri', 'https://app.example.com/callback');
authUrl.searchParams.set('response_type', 'code');
authUrl.searchParams.set('scope', 'openid profile email');
authUrl.searchParams.set('code_challenge', codeChallenge);
authUrl.searchParams.set('code_challenge_method', 'S256');
window.location.href = authUrl.toString();

Token Exchange
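// Step 3: Exchange code for tokens
// authorizationCode is the `code` query parameter on the callback URL;
// codeVerifier is the value generated in step 1.
const tokenResponse = await fetch('https://idp.example.com/josso/oauth2/token', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/x-www-form-urlencoded',
  },
  body: new URLSearchParams({
    grant_type: 'authorization_code',
    client_id: 'your-client-id',
    code: authorizationCode,
    redirect_uri: 'https://app.example.com/callback',
    code_verifier: codeVerifier,
  }),
});
// Do not parse tokens out of an error response.
if (!tokenResponse.ok) {
  throw new Error(`Token request failed: ${tokenResponse.status}`);
}
const { access_token, id_token, refresh_token } = await tokenResponse.json();

Java Spring Boot Integration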
Configure Spring Security with JOSSO as the OIDC provider:

# application.yml
spring:
  security:
    oauth2:
      client:
        registration:
          josso:
            client-id: your-client-id
            # Placeholder: supply the real secret from the environment or a secret store.
            client-secret: your-client-secret
            scope: openid,profile,email
            authorization-grant-type: authorization_code
            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
        provider:
          josso:
            issuer-uri: https://idp.example.com/josso
            authorization-uri: https://idp.example.com/josso/oauth2/authorize
            token-uri: https://idp.example.com/josso/oauth2/token
            user-info-uri: https://idp.example.com/josso/oauth2/userinfo
            jwk-set-uri: https://idp.example.com/josso/oauth2/jwks