This Single Sign-On (SSO) server provides centralized authentication using the OAuth 2.0 authorization code flow, allowing users to securely access multiple applications with one set of credentials.

# SSO (Single Sign-On) Server

This project implements a Single Sign-On (SSO) solution using OAuth 2.0 authorization code flow. It consists of:
- A **client application** built with Vite (React)
- A **server application** built with NestJS
- PostgreSQL database for data storage

## System Architecture

### Database Schema
The system uses three main tables in PostgreSQL:

1. **oauth_clients** - Stores registered OAuth clients
2. **oauth_codes** - Stores authorization codes for the OAuth flow
3. **user_sessions** - Stores active user sessions

### OAuth Flow
The system implements the standard OAuth 2.0 authorization code flow:
1. Client initiates authentication
2. User authenticates with SSO server
3. SSO server issues authorization code
4. Client exchanges code for tokens
5. Client accesses protected resources with tokens

## Setup Instructions

### Prerequisites
- Node.js (v16 or higher)
- PostgreSQL (v12 or higher)
- npm or yarn

### Server Setup (NestJS)
1. Navigate to the `server` folder
2. Install dependencies:
   ```bash
   npm install
   ```
3. Configure environment variables in `.env`:
   ```env
   # Database
   DB_HOST=localhost
   DB_PORT=5432
   DB_USERNAME=postgres
   DB_PASSWORD=123456
   DB_NAME=sso_idp
   DB_SYNC=true

   # JWT
   JWT_SECRET=your_strong_secret_key
   JWT_EXPIRES_IN=1h
   ```
4. Run the server:
   ```bash
   npm run start:dev
   ```

### Client Setup (Vite)
1. Navigate to the `client` folder
2. Install dependencies:
   ```bash
   npm install
   ```
3. Configure environment variables in `.env`:
   ```env
   VITE_API_URL=http://localhost:3000
   VITE_CLIENT_ID=SSO1
   VITE_REDIRECT_URI=http://localhost:5173/callback
   ```
4. Run the client:
   ```bash
   npm run dev
   ```

### Database Setup

Run these SQL commands to create the required tables:

```sql
CREATE TABLE oauth_clients (
    id SERIAL PRIMARY KEY,
    institute VARCHAR(255) NOT NULL,
    tenant VARCHAR(255) NULL,
    client_id VARCHAR(255) UNIQUE NOT NULL,
    client_secret VARCHAR(255) NOT NULL,
    redirect_uri TEXT NOT NULL,
    scopes TEXT NOT NULL DEFAULT 'openid profile email',
    created_at TIMESTAMP DEFAULT NOW()
);

CREATE TABLE oauth_codes (
    id SERIAL PRIMARY KEY,
    code VARCHAR(255) UNIQUE NOT NULL,
    institute VARCHAR(255) NOT NULL,
    tenant VARCHAR(255) NULL,
    user_id INT NOT NULL,
    client_id VARCHAR(255) NOT NULL,
    redirect_uri TEXT NOT NULL,
    expires_at TIMESTAMP NOT NULL,
    created_at TIMESTAMP DEFAULT NOW()
);

CREATE TABLE user_sessions (
    id SERIAL PRIMARY KEY,
    session_id VARCHAR(255) UNIQUE NOT NULL,
    institute VARCHAR(255) NOT NULL,
    tenant VARCHAR(255) NULL,
    user_id INT NOT NULL,
    expires_at TIMESTAMP NOT NULL,
    created_at TIMESTAMP DEFAULT NOW()
);
```

## API Endpoints

### Authorization Endpoints

- `GET /oauth/authorize` - Initiate OAuth flow
- `POST /oauth/token` - Exchange code for tokens
- `GET /oauth/userinfo` - Get user information

### Client Management Endpoints

- `POST /clients` - Register new OAuth client
- `GET /clients` - List registered clients

## Usage

1. Register your client application in the `oauth_clients` table
2. Configure your client application with:
   - Client ID
   - Redirect URI
   - SSO server API URL
3. Implement the OAuth flow in your client application
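As an added illustration of step 3 (this is example code, not the project's client), the snippet below builds the `/oauth/authorize` request from the `VITE_*` values shown in the client setup and checks the `state` parameter when the callback arrives, so a callback that was not started by this client is rejected. The query parameter names, the `storage` map standing in for the browser's `sessionStorage`, and the `oauth_state` key are assumptions.

```typescript
// Added example, not the project's client code. Builds the authorization
// request and validates the callback; parameter names are assumptions.
import { randomBytes } from "node:crypto";

const API_URL = "http://localhost:3000";               // VITE_API_URL
const CLIENT_ID = "SSO1";                              // VITE_CLIENT_ID
const REDIRECT_URI = "http://localhost:5173/callback"; // VITE_REDIRECT_URI

// Stand-in for sessionStorage so the example runs outside a browser.
const storage = new Map<string, string>();

// Build the URL the browser is sent to. A fresh random `state` is stored
// locally and must come back unchanged on the callback.
function buildAuthorizeUrl(): string {
  const state = randomBytes(16).toString("hex");
  storage.set("oauth_state", state);
  const url = new URL("/oauth/authorize", API_URL);
  url.searchParams.set("response_type", "code");
  url.searchParams.set("client_id", CLIENT_ID);
  url.searchParams.set("redirect_uri", REDIRECT_URI);
  url.searchParams.set("scope", "openid profile email");
  url.searchParams.set("state", state);
  return url.toString();
}

type CallbackResult = { code: string } | { error: string };

// Handle the redirect back to REDIRECT_URI. The stored state is consumed
// on first use, so a second callback with the same state is rejected too.
function handleCallback(callbackUrl: string): CallbackResult {
  const url = new URL(callbackUrl);
  const expected = storage.get("oauth_state");
  storage.delete("oauth_state");
  const state = url.searchParams.get("state");
  if (!expected || state !== expected) return { error: "state_mismatch" };
  const code = url.searchParams.get("code");
  if (!code) return { error: url.searchParams.get("error") ?? "missing_code" };
  return { code };
}

// The returned code is then POSTed to /oauth/token by the client.
```

The client never trusts the `code` on its own: only a callback carrying the `state` it generated is forwarded to `POST /oauth/token`.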

## Security Considerations

- Always use HTTPS in production
- Keep your JWT secret secure
- Validate all redirect URIs
- Implement proper token expiration and refresh mechanisms
- Regularly rotate secrets

## Troubleshooting

- Check server logs for errors
- Verify database connection settings
- Ensure all environment variables are set correctly
- Confirm client IDs and secrets match between client and server

## Accessing the Applications