Single Sign-On

How to use OPTT API with SSO

Single Sign-On

Single Sign-on (SSO) occurs when a user logs in to one application and it follows by signing in to other applications automatically, regardless of the platform, technology, or domain the user is using. The user signs in only one time, hence the name of the feature (Single Sign-on).

For example, if you log in to a Google service such as Gmail, you are automatically authenticated to YouTube, AdSense, Google Analytics, and other Google apps. Likewise, if you log out of your Gmail or other Google apps, you are automatically logged out of all the apps; this is known as Single Logout.

SSO provides a seamless experience for users when using your applications and services. Instead of having to remember separate sets of credentials for each application or service, users can simply log in once and access your full suite of applications.

Whenever users go to a domain that requires authentication, they are redirected to the authentication domain where they may be asked to log in. If the user is already logged in at the authentication domain, they can be immediately redirected to the original domain without signing in again.

How to Start:

You can implement the login process of your users in the application with SSO with any identity provider, and then use OPTT services by receiving the token.

The following diagram shows all the steps of the process, from the time you request authorization to get OPTT's token.


1 - Creating the Authorization Credentials: Generates user authentication through standard methods.
For example, you can use Google, and after the authentication process, Google will give you a code.


2 - Considering the following image is your App's login page: After the authentication process, your users will be able to log in to the App.

300 296

3 - API call to get the OPTT token: send a request to the OPTT to get the token with the parameters that we need:


4 - OPTT checks the Client ID:

If the user exists in the OPTT Clinic (as a Client or a Care Provider) based on their role, the token will be created and related APIs will be shown.

If the user does not exist in the OPTT Clinic, their information will be entered as a new Client in the Clinic database.


5- Everything is secure:

We don't get user's email from you, we get just the clientId,apiKey, clinic email, code, and userType
as a reminder, you can read SSO reference

6- The relation between Care Provider's App database and the OPTT database:


7- Using OPTT APIs:

Using the single sign-on gives you two options after receiving the token:

Using it to log in to the mobile view of the current platform,
using the token and the API to implement OPTT services inside the native App. For example, showing the list of the Assignment inside the App with the native App, features by calling API to receive the list of assignments.