Appshare on customer nodes (Local or Cloud) can use external identity providers to single sign on with openid connect. The user will follow a slightly different sequence than with the password-based flow
- The user visits the website where appshare is hosted
- The PWA Main app is downloaded from the hosting service and caches it on the device for future use. Followup visits will use the cached version when the hosting service is not reachable
- The PWA loads the application configuration for identity providers
- The PWA shows the Login to the user
- The user logs into the Appshare PWA by entering in the server and selecting the identity provider
- The PWA from the device requests system information from the customer server to identify which features are available
- The PWA redirect the user to the identity providers and receives an Authorization Code
- The PWA retrieves from the identity provider the tokens based on the Authorization Code
- The PWA authenticates the user through the customer identity service with the token received from the external identity provider (For JD Edwards this is the AIS tokenrequest)
- The PWA determines how an account will be identified in the Appshare metadata store. For JD Edwards an identifier was stored in “F953000” in the Appshare registration process
- The PWA loads the account configuration from the Appshare Services metadata store.
- Of all is successful the PWA continues to load roles and profile from the customer serer.
- The PWA loads translations form the Appshare Services for all available apps.
- The PWA shows the dashboard to the user
- The PWA does not need the Appshare Services anymore from this point on
- The user opens a custom app
- The PWA downloads the files for the custom app from the hosting service and caches it on the device
- The PWA does not need the Appshare hosting service anymore from this point on. Communication will only be between the user device and the customer services.
- The PWA shows the app and loads data from the customer services.