OAuth 2.0 is an authorization framework for third-party applications. Third-party applications like Freshworks use OAuth 2.0 to get limited access to an HTTP service on behalf of a resource owner. The framework enables an approval interaction between the resource owner and the HTTP service. In addition, OAuth 2.0 supports direct access to the HTTP service by the third-party application.
To learn more about SSO, refer to the articles below.
- SSO Overview
- Implement Single Sign-On for Freshworks
- How is the authentication data securely exchanged between IdP and SP
- Terms and definitions to understand SSO better
- Agent SSO and Contact SSO for an Organization
How OAuth 2.0 works
If you, the user, haven't already signed in, you will be redirected from the application to your authorization URL, requesting an authorization code.
Freshworks receives the requested authorization code from the authorization server.
Freshworks makes a request to your access token URL, exchanging the code obtained for an access token.
Your authorization server will return an access token to Freshworks.
Freshworks then makes a request to your UserInfo URL with the access token obtained.
Your server will then return the user’s information in JSON format.
Params to be shared
1. Once the configuration is correct on both sides, the UserInfo endpoint URL must return the sub and email claims. Without these claims, it is not possible to authenticate the user.
2. The call from Freshworks to the token endpoint has a timeout of 10 seconds.
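The two requirements above can be checked on the identity provider side before SSO is enabled. The following is an added example, not Freshworks code: the function names, the sample bodies and the caller-supplied `exchange_code` function are assumptions made for illustration.

```python
import json
import time

TOKEN_TIMEOUT_SECONDS = 10          # timeout stated above for the token endpoint call
REQUIRED_CLAIMS = ("sub", "email")  # claims the UserInfo endpoint must return

# Constructed sample UserInfo bodies, not real responses.
GOOD_BODY = '{"sub": "248289761001", "email": "jane@example.com", "name": "Jane"}'
BAD_BODY = '{"id": 42, "email": ""}'


def check_userinfo(raw_body):
    """Return a list of problems found in a UserInfo response body."""
    try:
        claims = json.loads(raw_body)
    except (ValueError, TypeError):
        return ["UserInfo response is not valid JSON"]
    if not isinstance(claims, dict):
        return ["UserInfo response must be a JSON object"]
    problems = []
    for name in REQUIRED_CLAIMS:
        value = claims.get(name)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"missing or empty claim: {name}")
    # Basic sanity check added for this example: an email needs an "@".
    email = claims.get("email")
    if isinstance(email, str) and email.strip() and "@" not in email:
        problems.append("email claim is not an email address")
    return problems


def check_token_call(exchange_code, clock=time.monotonic):
    """Time one code-for-token exchange against the 10 second timeout.

    exchange_code is a hypothetical caller-supplied function that sends the
    request to the access token URL and returns the parsed JSON response.
    """
    start = clock()
    response = exchange_code()
    elapsed = clock() - start
    problems = []
    if elapsed >= TOKEN_TIMEOUT_SECONDS:
        problems.append(f"token endpoint took {elapsed:.1f}s, over the 10s timeout")
    if not isinstance(response, dict) or not response.get("access_token"):
        problems.append("token response has no access_token")
    return problems
```

An empty list from both functions means the responses meet the requirements listed above.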