Invision Community SSO integration using Drupal as OAuth / OpenID Connect Provider
Overview
The Drupal OAuth/OIDC Server module enables Single Sign-On (SSO) between the Drupal site and any client application that supports the OAuth or OpenID Connect protocol. This guide walks through the steps to connect the module with Invision Community. In this integration, Drupal acts as the Identity Provider: users log into Invision Community using their Drupal credentials.
Configuration Steps
Configure an OAuth / OIDC Application in Invision Community:
- Log into the Invision Community using the administrator credentials.
- Navigate to the Settings → Login & Registration tab from the left navigation panel.
- Click on the Create New button, then select Other OAuth 2.0 and click on the Continue button.
- Enter an Application Name under the Name text field and then copy the Redirect URL value from the Application Settings section.
Configure Drupal as an OAuth Server:
Note: Please ensure that the Drupal site is hosted on a server accessible from the internet, as Invision Community won't be able to reach the Drupal endpoints if the Drupal site is running on localhost.
- On the Drupal site, go to Configuration → miniOrange OAuth server configuration → OAuth Client.
- Click on the Add Client button.
- Enter the Application Name under the Application Name text field.
- Paste the Redirect URL copied from Invision Community into the Callback/Redirect URL text field.
- Multiple Callback URLs can be added by clicking on the Add More button next to the text field.
- Click on the Save button and copy the Client ID and Client Secret.
Integrating Invision Community with Drupal:
- Navigate to the Invision dashboard.
- Select the Grant Type as Authorization Code.
- Paste the copied Client ID under the Client Identifier text field and Client Secret under the Client Secret text field.
- Add the Scope and Endpoints as specified in the table below (You can also get the same from the Scope & Endpoints section of the Drupal site → Configuration → miniOrange OAuth server configuration → OAuth Client):
Scopes to request | profile openid email |
---|---|
Authorization Endpoint | {base_url_of_the_drupal_site}/mo/oauth2/authorize |
Authorization Endpoint for AdminCP & Reauthorizations | Use the same endpoint as normal logins |
Token Endpoint | {base_url_of_the_drupal_site}/mo/oauth2/token |
User Information Endpoint | {base_url_of_the_drupal_site}/mo/oauth2/userinfo |
- In the User ID Parameter field, enter the unique identifier of the user, such as email or name.
- If you are not sure of the remaining settings, keep their default values. Scroll down and click on the Save button.
You have successfully configured Invision Community as an OAuth Client and Drupal as an OAuth server.
Let’s see how this works:
- Open a new window/private browser and navigate to the login page of the Invision Community website.
- Click on the Login with Drupal button.
- The browser will be redirected to the Drupal site login page. Enter the Drupal credentials and click on the Log in button.
- On successful authentication, the browser will be redirected back to Invision Community, logged in.
You have successfully performed the SSO between Invision Community and Drupal!
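The redirects in the login flow above are an OAuth 2.0 Authorization Code exchange against the endpoints in the table. The following sketch is an added example, not code from the module or from Invision Community: it builds the authorization request a client would send and shows the checks a client should apply to the callback before redeeming the code. The host names, callback path, client ID and function names are constructed for illustration, and the HTTPS requirement is a check added here.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

SCOPES = "profile openid email"  # "Scopes to request" from the table above

def drupal_endpoints(base_url):
    """Build the three endpoints from the table for a Drupal base URL."""
    base = base_url.rstrip("/")
    if urlsplit(base).scheme != "https":
        raise ValueError("OAuth endpoints must be served over HTTPS")
    return {name: f"{base}/mo/oauth2/{name}"
            for name in ("authorize", "token", "userinfo")}

def build_authorize_url(base_url, client_id, redirect_uri, state):
    """Authorization Code request that the browser is redirected to."""
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": SCOPES,
        "state": state,
    })
    return f"{drupal_endpoints(base_url)['authorize']}?{query}"

def code_from_callback(callback_url, redirect_uri, expected_state):
    """Return the authorization code, or raise if the callback is not trustworthy."""
    got, want = urlsplit(callback_url), urlsplit(redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered Redirect URL")
    params = parse_qs(got.query)
    if "error" in params:
        raise ValueError(f"provider returned error: {params['error'][0]}")
    state = params.get("state", [""])[0]
    # Constant-time comparison; bytes so non-ASCII input cannot raise TypeError.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not tied to this login")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]

if __name__ == "__main__":
    # Constructed sample values; none come from a real site.
    base = "https://drupal.example.com"
    redirect = "https://forum.example.com/oauth/callback/"
    state = secrets.token_urlsafe(16)
    print(build_authorize_url(base, "sample-client-id", redirect, state))
    print(code_from_callback(f"{redirect}?code=abc123&state={state}", redirect, state))
```

The code returned by `code_from_callback` is what the client then sends, together with the Client ID and Client Secret, to the Token Endpoint.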
Need Assistance?
If you face any issues during the configuration or if you want some additional features, please contact us at drupalsupport@xecurify.com.
Additional Features:
- Add multiple Callback/Redirect URLs
- Add custom user attributes to be sent in response
- Enable asymmetric signing algorithm
- Enable single logout