Embedded Login UI
The embedded approach is very similar to the Custom Login UI approach: you use the Authentication API in exactly the same way, but from your application directly rather than from a separate login UI, using the OAuth 2.0 token endpoint and JWT bearer grant.
It differs in that it doesn't need the OAuth 2.0 authorization call to kick off the flow, and the consent token at the end does not need to be passed back to the OAuth 2.0 authorize API; it can be used directly to obtain tokens. At a high level, the process is as follows:
Embed your own login UI using the Quasr Authentication API.
Exchange the consent token directly for identity/access token.
Instead of step 8 use the following:
POST https://{tenant_id}.api.quasr.io/oauth2/token
Request tokens for a specific client.
Headers
Authorization* (String): client ID and secret
Request Body
grant_type* (String): urn:ietf:params:oauth:grant-type:jwt-bearer
assertion* (String): consent token
Make sure that the JWT bearer grant (urn:ietf:params:oauth:grant-type:jwt-bearer) is enabled for the client under OAuth2 Settings.
Though not mandatory, we strongly recommend securing this embedded flow with client authentication. This means you'll need to provision the embedded client with a secret (if possible in a secure manner).
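An added example (not Quasr's own code) that builds the token request described above without sending it. It assumes the Authorization header uses HTTP Basic client authentication and that the consent token is a compact signed JWT; the function name and the tenant, client and token values are constructed placeholders.

```python
import base64
from urllib.parse import quote, urlencode
from urllib.request import Request

JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer"


def build_token_request(tenant_id, client_id, client_secret, consent_token):
    """Build (but do not send) the POST /oauth2/token request."""
    # Assumption: the consent token is a signed compact JWT,
    # i.e. three non-empty dot-separated segments. Reject anything else early.
    parts = consent_token.split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("consent token is not a compact JWT")

    # Assumption: HTTP Basic client authentication (RFC 6749 section 2.3.1),
    # where client ID and secret are form-urlencoded before base64 encoding.
    creds = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
    basic = base64.b64encode(creds.encode()).decode()

    # grant_type and assertion go in the form-encoded request body.
    body = urlencode({"grant_type": JWT_BEARER, "assertion": consent_token})
    return Request(
        f"https://{tenant_id}.api.quasr.io/oauth2/token",
        data=body.encode(),
        method="POST",
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


if __name__ == "__main__":
    # Constructed sample values; none are real credentials or tokens.
    req = build_token_request("example-tenant", "embedded-client",
                              "s3cr:et/+", "aaa.bbb.ccc")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    # To send: urllib.request.urlopen(req, timeout=10), then parse the JSON body.
```

Keep the client secret out of code shipped to end-user devices; load it from a server-side secret store at runtime.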