Skip to content
Shiwon Park edited this page Sep 10, 2025 · 3 revisions

Client Registration

To use the Infoteam IdP, all services need to register themselves as a client of Infoteam IdP.
The developers of the services can register their service in the client page of Infoteam IdP link.
image
After client registration, the developers can access the page above.
The developer can obtain the service ID and secret on this page and configure the redirect URI, the ID token, and the scope, which is the information that the service will receive from the OAuth part.

Use Oauth Part of IdP

To obtain the user's information through the Infoteam IdP, all services have to use the OAuth part of the IdP.

  • Authorization Code Flow The developer of the services needs to implement three processes.
  1. redirect to https://idp.gistory.me/authorize with param: client_id, code_challenge, code_challenge_method, state, redirect_uri, scope
    The frontend of the service needs to implement a redirection process to redirect to the URL above with the parameter.
    In this process, the redirect_uri in the parameter must be registered in the client registration step.
  2. Handling redirection with code and getting a token using code.
    After the first process, Infoteam IdP will redirect to the redirect_uri with the code parameter.
    The redirect_uri can be backend or frontend. However, it must have the code_challenge information.
    Therefore, we recommend the frontend handle this process.
    Then, get the token in /oauth/token with the code parameter.
  3. Getting a userinfo using ID token or /oauth/userinfo.
    If the service enabled the ID token in the client registration step, the ID token will be returned in the /oauth/token endpoint. The service can validate the ID token using the public key provided by Infoteam IdP and use the user's information.
    Or, using the /oauth/userinfo endpoint, the service can receive the user's information configured in the client registration process.
sequenceDiagram
participant IdPFe as IdP FrontEnd
participant ClientFe as Client Frontend
participant Client
participant IdP

critical Requesting Login
  ClientFe ->> Client: Request IdP Login
  Client ->> ClientFe: REDIRECT idp.gistory.me/authorize
  ClientFe ->> IdPFe: 
end

IdPFe ->> IdPFe: login or sign up

IdPFe ->>+ IdP: client_id, code_challenge, code_challenge_method, redirect_uri, scope, "IdP jwt user token"
note right of IdP: GET /oauth/authorize
IdP ->>- ClientFe: REDIRECT <client url>?code=code

ClientFe ->> IdP: client_id, code, code_verifier
note right of IdP: POST /oauth/token

alt client doesn't use id token
  IdP ->> ClientFe: access token, refresh token, id token
  ClientFe ->>+ Client: access token, refresh token, id token
  Client ->> Client: service logic with id token
  Client ->>- ClientFe: 
else  
  IdP ->> ClientFe: access token, refresh token
  ClientFe ->>+ Client: access token, refresh token
  Client ->>+ IdP: access token
  note right of IdP: POST /oauth/userinfo
  IdP ->>- Client: user's information
  Client ->> ClientFe: 
end

Loading
  • Refresh Token Grant
sequenceDiagram
participant ClientFe as Client Frontend
participant IdP

ClientFe ->>+ IdP: client_id, refresh_token
note right of IdP: POST /oauth/token

IdP ->>- ClientFe: access token, refresh token, (id token)
Loading
  • Client Credential flow

Client를 만들면, 같이 나오는 client의 id와 secret을 이용해서, client가 user의 정보를 가져올 수 있도록 합니다.

sequenceDiagram
participant Client
participant IdP

Client ->>+ IdP: client_id, client_secret, scope
note right of IdP: POST /oauth/token

IdP ->>- Client: access token, refresh token

opt if client want to get userinfo
  Client ->>+ IdP: access token, user id
  note right of IdP: POST /oauth/userinfo
  IdP ->>- Client: userinfo
end
Loading

Use ID token

To the convenience of client service and reduce the /userinfo api call, Infoteam IdP provides the OpenID service.

Clone this wiki locally