...

dRofus applications, both web and desktop, require a logged-in user. At login, a username, password and project selection are required. Project selection consists of selecting the server, database and project (if multiple are configured in a database).

Login to the dRofus integrated application relies on the OIDC standard. The following steps summarize the login workflow:

...

Each database server has a corresponding OIDC server instance, so to fetch a token, the embedder should connect to the chosen OIDC server's authorize endpoint. Our integration solution supports the OIDC implicit or code grant type. We recommend using implicit in browser web applications and code in desktop/mobile apps.

Registration

Embedders should register their application with us beforehand. This registration is currently manual. As a result, embedders receive a set of credentials that identify the (client) application during token retrieval. These credentials include client_id, client_secret (if applicable) and one or more redirect_uri values.

1. Implicit grant

The following parameters are required in such an OIDC request:

  • response_type: token
  • client_id: drofus-embedded your_client_id (previously registered)
  • scope: dr-std
  • redirect_uri: your_redirect_uri (has to match one previously registered)
  • db and pr: database name and project number (e.g. "01", "02", etc.). These are not standard OIDC parameters, but are required by the dRofus login procedure.
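
The implicit-grant request described above, together with the handling of the redirect that comes back, as an added example (not dRofus code). The endpoint URL, the function names and the use of the standard OAuth 2.0 `state` parameter are assumptions; the request parameters are the ones listed on this page.

```javascript
// Added example, not dRofus code. AUTHORIZE_ENDPOINT is a placeholder: use the
// authorize endpoint of the OIDC server that belongs to your database server.
const AUTHORIZE_ENDPOINT = "https://oidc.example.invalid/authorize";

// Build the implicit-grant authorization request from the listed parameters.
// `state` is the standard OAuth 2.0 anti-CSRF value (assumed to be echoed back);
// generate it with a CSPRNG and keep it until the redirect arrives.
function buildImplicitAuthorizeUrl({ clientId, redirectUri, db, pr, state }) {
  const required = { clientId, redirectUri, db, pr, state };
  for (const [name, value] of Object.entries(required)) {
    if (typeof value !== "string" || value === "") {
      throw new Error(`missing parameter: ${name}`);
    }
  }
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.search = new URLSearchParams({
    response_type: "token",
    client_id: clientId,
    scope: "dr-std",
    redirect_uri: redirectUri, // must equal a registered redirect_uri exactly
    db, // non-standard: database name
    pr, // non-standard: project number, sent as a string such as "01"
    state,
  }).toString();
  return url.toString();
}

// Parse the redirect received at redirect_uri. In the implicit grant the
// result arrives in the URL fragment, not in the query string.
function parseImplicitRedirect(redirectedUrl, expectedRedirectUri, expectedState) {
  const url = new URL(redirectedUrl);
  const expected = new URL(expectedRedirectUri);
  if (url.origin !== expected.origin || url.pathname !== expected.pathname) {
    throw new Error("redirect landed on an unexpected URI");
  }
  const params = new URLSearchParams(url.hash.slice(1));
  if (params.get("state") !== expectedState) {
    throw new Error("state mismatch: response does not belong to this login");
  }
  if (params.has("error")) {
    throw new Error(`authorization failed: ${params.get("error")}`);
  }
  const token = params.get("access_token");
  if (!token) throw new Error("no access_token in fragment");
  return token;
}
```
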

...

  • response_type: code
  • client_id: drofus-embedded-app your_client_id (previously registered)
  • client_secret: Contact us and will provide you your_client_secret (as cleartext, previously registered)
  • scope: dr-std
  • redirect_uri: http://localhost:5678/landing or has to match one previously registered. your_redirect_uri (previously registered)

Remark: If the code grant is used in a web application, redirect_uri must be a valid URL pointing to a web application the embedder controls, and thus has to be registered the same way as with the implicit grant. The redirect URI has less importance in apps: any URI can be used, and it does not need to point to an actual website. It must still be filled in and match a previously registered one.

  • db and pr: database name and project number (e.g. "01", "02", etc.). These are not standard OIDC parameters, but are required by the dRofus login procedure.

...

The embedder should create an integrated dRofus environment and load the corresponding application server's address with the following path and hash, where the hash includes the token from the previous step. After the token is received, the dRofus integrated application validates it. Once validation completes, whether successful or unsuccessful, dRofus integrated signals the result to the embedder.

...

The application requires a logged-in user, so log in first! The content of the dRofus integrated application is displayed as a result of either the embedder's control or user interaction (i.e. clicking on links). The embedder controls the content through the application URL.

...

The URL of the dRofus integrated application is the /embedded path on the corresponding application server, followed by one frontend URL (as a URL fragment/hash) as listed below.

...