Examples

Integration examples and code samples

Common Use Cases

Enterprise SSO

Single Sign-On for multiple internal applications using SAML 2.0.

Large organization with multiple web applications needing centralized authentication.

Mobile App Authentication

OAuth 2.0 / OpenID Connect integration for mobile applications.

Mobile apps requiring secure token-based authentication with refresh tokens.

SaaS Integration

Federated authentication with cloud service providers.

Connecting corporate identity to Salesforce, Google Workspace, Microsoft 365.

API Gateway Protection

Securing APIs with OAuth 2.0 token validation.

Microservices architecture requiring centralized API authentication.

SAML 2.0 Service Provider Example

Configure a SAML 2.0 Service Provider for your application:

<!-- SAML SP Metadata -->
<EntityDescriptor entityID="https://app.example.com/saml/metadata"
  xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <SPSSODescriptor
    AuthnRequestsSigned="true"
    WantAssertionsSigned="true"
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">

    <!-- AuthnRequestsSigned="true": publish the SP signing certificate in a
         KeyDescriptor (use="signing") element here so the IdP can verify requests -->

    <!-- Schema order: SingleLogoutService, NameIDFormat, AssertionConsumerService -->
    <SingleLogoutService
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://app.example.com/saml/slo"/>

    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>

    <AssertionConsumerService
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://app.example.com/saml/acs"
      index="0"/>
  </SPSSODescriptor>
</EntityDescriptor>

OAuth 2.0 / OpenID Connect Example

Authorization Code Flow (with PKCE)

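// Step 1: Generate code verifier and challenge
// generateRandomString, sha256 and base64UrlEncode are helpers your application supplies.
// RFC 7636 requires a verifier of 43-128 unreserved characters from a secure random source.
const codeVerifier = generateRandomString(128);
const codeChallenge = base64UrlEncode(sha256(codeVerifier));

// Keep the verifier for Step 3; it has to survive the redirect below
sessionStorage.setItem('pkce_code_verifier', codeVerifier);

// Step 2: Redirect to authorization endpoint
const authUrl = new URL('https://idp.example.com/josso/oauth2/authorize');
authUrl.searchParams.set('client_id', 'your-client-id');
authUrl.searchParams.set('redirect_uri', 'https://app.example.com/callback');
authUrl.searchParams.set('response_type', 'code');
authUrl.searchParams.set('scope', 'openid profile email');
authUrl.searchParams.set('code_challenge', codeChallenge);
authUrl.searchParams.set('code_challenge_method', 'S256');

window.location.href = authUrl.toString();

Token Exchange

// Step 3: Exchange code for tokens (runs on the redirect_uri page)
// Read the authorization code from the callback URL and the verifier stored in Step 1
const authorizationCode = new URLSearchParams(window.location.search).get('code');
const codeVerifier = sessionStorage.getItem('pkce_code_verifier');

const tokenResponse = await fetch('https://idp.example.com/josso/oauth2/token', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/x-www-form-urlencoded',
  },
  body: new URLSearchParams({
    grant_type: 'authorization_code',
    client_id: 'your-client-id',
    code: authorizationCode,
    redirect_uri: 'https://app.example.com/callback',
    code_verifier: codeVerifier,
  }),
});

// Do not parse an error response as if it contained tokens
if (!tokenResponse.ok) {
  throw new Error(`Token request failed: ${tokenResponse.status}`);
}

const { access_token, id_token, refresh_token } = await tokenResponse.json();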

Java Spring Boot Integration

Configure Spring Security with JOSSO as the OIDC provider:

# application.yml
spring:
  security:
    oauth2:
      client:
        registration:
          josso:
            client-id: your-client-id
            # Keep the real secret out of version control (environment variable or secret store)
            client-secret: your-client-secret
            scope: openid,profile,email
            authorization-grant-type: authorization_code
            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
        provider:
          josso:
            issuer-uri: https://idp.example.com/josso
            authorization-uri: https://idp.example.com/josso/oauth2/authorize
            token-uri: https://idp.example.com/josso/oauth2/token
            user-info-uri: https://idp.example.com/josso/oauth2/userinfo
            jwk-set-uri: https://idp.example.com/josso/oauth2/jwks