Application authentication

Synergy offers OAuth2 / OpenID-Connect based SSO for the connected applications, acting as a gateway between the ID provider and the application.

For more on application authentication, see section 7, "Implement authentication", of the Synergy workshop guide.

Make sure the session timeout of your application isn't too long. In addition to the usual security concerns, this is also important because the user might remain logged in and able to use the application even after the Synergy subscription expires.

ID token contents

The standard ID token claims are defined in the OpenID Connect Core specification: https://openid.net/specs/openid-connect-core-1_0.html#IDToken

In addition, tokens issued by Synergy contain these fields:

authorities: Authorities granted to the user in Synergy. An array of roles.
group: Groups assigned to the user in Synergy. An array of group names.

Sample token:

{
  "sub": "user@chemaxon.com",
  "scope": [
    "read",
    "write",
    "openid"
  ],
  "exp": 1519416204,
  "authorities": [
    "ROLE_TEAM_ADMIN"
  ],
  "jti": "112dcab7-594e-464d-8134-c5ac2d8c63f5",
  "client_id": "b85S-4vYQ6yq2q07g8gfvx3KzE8",
  "username": "user@chemaxon.com",
  "iss": "http://team.synergy.lvh.cxcloud.io:8900/",
  "aud": "b85S-4vYQ6yq2q07g8gfvx3KzE8",
  "azp": "b85S-4vYQ6yq2q07g8gfvx3KzE8",
  "iat": 1519373004,
  "group": [
    "TEAM_ADMIN",
    "group_1",
    "group_2"
  ]
}
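
The following is an added example, not code from Synergy or its workshop guide: it checks the claims of an ID token like the sample above and derives a local session whose lifetime is capped, as the session timeout advice recommends. It assumes the token signature has already been verified by your OIDC library; build_session, string_list, TokenRejected and MAX_SESSION_SECONDS are hypothetical names and values.

```python
import time

# Constructed sample: selected claims from the sample token on this page.
SAMPLE_CLAIMS = {
    "sub": "user@chemaxon.com",
    "exp": 1519416204,
    "iat": 1519373004,
    "iss": "http://team.synergy.lvh.cxcloud.io:8900/",
    "aud": "b85S-4vYQ6yq2q07g8gfvx3KzE8",
    "azp": "b85S-4vYQ6yq2q07g8gfvx3KzE8",
    "authorities": ["ROLE_TEAM_ADMIN"],
    "group": ["TEAM_ADMIN", "group_1", "group_2"],
}

MAX_SESSION_SECONDS = 30 * 60  # assumption: application policy, not a Synergy value

class TokenRejected(Exception):
    """Raised when the ID token claims fail a check."""

def string_list(claims, name):
    # Synergy-specific claims are arrays of strings; treat a missing claim as empty.
    value = claims.get(name, [])
    if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
        raise TokenRejected(f"{name} must be an array of strings")
    return value

def build_session(claims, expected_issuer, client_id, now=None):
    """Check the claims of an already signature-verified ID token and derive a session."""
    now = int(time.time()) if now is None else now
    if claims.get("iss") != expected_issuer:
        raise TokenRejected("unexpected issuer")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # OIDC allows string or array
    if client_id not in audiences:
        raise TokenRejected("token was not issued for this client")
    if "azp" in claims and claims["azp"] != client_id:
        raise TokenRejected("unexpected authorized party")
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:
        raise TokenRejected("token expired or exp missing")
    if not isinstance(claims.get("sub"), str):
        raise TokenRejected("sub missing")
    return {
        "user": claims["sub"],
        "roles": string_list(claims, "authorities"),
        "groups": string_list(claims, "group"),
        # Keep the local session short so the user has to come back through Synergy.
        "expires_at": min(exp, now + MAX_SESSION_SECONDS),
    }
```

In the sample token, exp is 43200 seconds (12 hours) after iat, so a session tied only to the token lifetime would outlast a 30-minute application policy by a wide margin.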