By: Scott Deardorff user 03 Sep 2015 at 4:47 p.m. CDT

3 Responses
I am considering the Gluu Server and have not been able to find the answer to the following question: can the Gluu Server support 3rd party API access with a 3rd party OP?

To be more specific: I have an API resource protected by mod_auth_openidc. I want a 3rd party developer to be able to access my mod_auth_openidc protected resource on behalf of a 3rd party site user. The 3rd party site user is using Google as their OP. The 3rd party developer is registered with my site and uses OAuth2 JWT to access the protected resource. This works if the site user is also registered with my OAuth Provider (OP), but what if the site user is registered with a different OP, like, say, Google? I need the user to be prompted with "3rd party developer X wants to access claims y,z,foo do you want to allow access", then return authentication to my OP, which will then deliver a token to the 3rd party developer that can be used to access said protected resource.

The flow is something like:

1. User hits 3rd party developer site.
2. 3rd party developer forwards them to my OP discovery page.
3. User is given choice of local login, or login w/ Google.
4. User logs in with Google and is asked if 3rd party developer can have permissions to access my protected resource on the user's behalf.
5. Google redirects user back to my OP. My OP generates an access token and delivers the user and the token back to the 3rd party developer.
6. 3rd party developer uses token to access my protected resource, which validates the token w/ my OP using the token introspection endpoint.

Can the Gluu Server handle the above scenario, and if so, what pieces/config of Gluu will I need to support this scenario?

By Michael Schwartz Account Admin 14 Sep 2015 at 3:06 p.m. CDT

Sorry for the delayed response. This one slipped through the cracks. What I would recommend is that you set up the Gluu Server to accept Google credentials. You still want to dynamically enroll this person in your IDP (i.e. your Gluu Server). Maybe take a look at this article about [Google Social Login](http://www.gluu.org/docs/articles/social-login-google/). Also, if you can wait until tomorrow, we're going to ship 2.3.4 with the Google script installed by default.

By Scott Deardorff user 22 Sep 2015 at 2:50 p.m. CDT

Thought I would give this a test and see if it works. Having issues installing on Ubuntu, opened an issue. I'll post whether or not it works, after I can get this installed.

By Mohib Zico staff 28 Sep 2015 at 2:34 a.m. CDT

Scott, Ubuntu installation should be fixed by now, please feel free to test.
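
Step 6 of the flow in the question, as an added example that is not part of the thread and not Gluu or mod_auth_openidc code: the check a resource server applies to an RFC 7662 token introspection response, showing that it only accepts tokens issued by its own OP even when the user authenticated at Google upstream. The issuer URL, client and subject names, and the policy of requiring `iss` and `exp` (both optional in RFC 7662) are assumptions; the sample responses are constructed.

```python
import time

# Assumption: placeholder issuer URL for "my OP" (the Gluu Server in the thread).
EXPECTED_ISSUER = "https://op.example.org"


def check_introspection(resp, required_scopes, expected_issuer=EXPECTED_ISSUER, now=None):
    """Return (allowed, reason) for an RFC 7662 introspection response dict."""
    now = time.time() if now is None else now
    # "active" is the only REQUIRED member; anything but literal True is a reject.
    if resp.get("active") is not True:
        return False, "token inactive"
    # Assumed policy: the token must be issued by our own OP. A token minted
    # directly by the upstream OP (Google) is never valid at this resource.
    if resp.get("iss") != expected_issuer:
        return False, "unexpected issuer"
    # Assumed policy: require an expiry and enforce it locally as well.
    exp = resp.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "token expired or exp missing"
    # "scope" is a space-separated string; every required scope must be granted.
    granted = set(str(resp.get("scope", "")).split())
    missing = set(required_scopes) - granted
    if missing:
        return False, "missing scope: " + " ".join(sorted(missing))
    return True, "ok"


# Constructed sample responses (not captured from a real server).
SAMPLES = {
    # User logged in with Google but was enrolled locally; our OP issued the token.
    "enrolled_google_user": {"active": True, "iss": EXPECTED_ISSUER,
                             "client_id": "developer-x", "sub": "local-user-1842",
                             "scope": "y z foo", "exp": 2_000_000_000},
    "revoked": {"active": False},
    "issued_by_google": {"active": True, "iss": "https://accounts.google.com",
                         "scope": "y z foo", "exp": 2_000_000_000},
    "expired": {"active": True, "iss": EXPECTED_ISSUER,
                "scope": "y z foo", "exp": 1_600_000_000},
    "narrow_consent": {"active": True, "iss": EXPECTED_ISSUER,
                       "scope": "y", "exp": 2_000_000_000},
}

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(name, check_introspection(resp, ["y", "z"], now=1_700_000_000))
```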