DevKit Interconnection Precautions
To implement single sign-on (SSO) interconnection for the DevKit using the OAuth 2.0 authorization code mode, you need to understand and complete the following preparations.
- Create a registration ID and registration key for the DevKit based on the OAuth 2 protocol. For details about the registration ID and registration key, visit the OAuth 2.0 official website:
- Implement the following interfaces by referring to the section "DevKit SSO Interface Definition":
  - Interface for obtaining authorization_code
  - Interface for obtaining access_token
  - Interface for obtaining user information
  - Interface for refreshing access_token
  - Interface for querying user validity
  - Interface for exiting the primary system
- When installing the DevKit, select the OAuth 2.0-based SSO mode and enter the obtained registration ID, registration key, and the URLs of the preceding interfaces on the WebUI.
- During the installation, you must provide the interface for exiting the primary system. Otherwise, you cannot exit the DevKit until the primary system is exited, and in that case the data uploaded by users can be obtained by attackers.
- After the exit information is received, the integration environment should verify client_id and access_token. After successful verification, the integration environment should invalidate the token of the primary system of the integration party and exit the system. In this way, the DevKit and the system of the integration party are exited at the same time.
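The exit handling described in the last item can be sketched as follows. This is an added example, not DevKit code or the interface from "DevKit SSO Interface Definition". The class, method names, status codes and in-memory token store are assumptions; only client_id and access_token come from this page.

```python
import hashlib
import hmac
import time

def _digest(token):
    # Store only token digests so a leaked store does not expose live tokens.
    return hashlib.sha256(token.encode()).hexdigest()

class PrimarySystem:
    """Hypothetical integration-side token store with an exit interface."""

    def __init__(self, registered_client_ids):
        self.clients = set(registered_client_ids)
        self.sessions = {}  # token digest -> (user, client_id, expires_at)

    def issue(self, user, client_id, access_token, ttl=3600, now=None):
        now = time.time() if now is None else now
        self.sessions[_digest(access_token)] = (user, client_id, now + ttl)

    def is_valid(self, access_token, now=None):
        now = time.time() if now is None else now
        entry = self.sessions.get(_digest(access_token))
        return entry is not None and entry[2] > now

    def handle_exit(self, client_id, access_token, now=None):
        """Return (status, reason) for an exit request sent by the DevKit."""
        now = time.time() if now is None else now
        if client_id not in self.clients:
            return 401, "unknown client_id"
        entry = self.sessions.get(_digest(access_token))
        if entry is None:
            return 401, "unknown or already revoked access_token"
        user, bound_client, expires_at = entry
        # The token must have been issued to the client that presents it;
        # a mismatch is rejected without revoking anything.
        if not hmac.compare_digest(bound_client.encode(), client_id.encode()):
            return 403, "access_token not issued to this client_id"
        if expires_at <= now:
            del self.sessions[_digest(access_token)]
            return 401, "expired access_token"
        # Verified: invalidate every token of this user so the primary
        # system and the DevKit are exited together (assumed policy).
        for key in [k for k, v in self.sessions.items() if v[0] == user]:
            del self.sessions[key]
        return 200, "logged out"
```

A repeated exit request with the same token returns 401, because the token no longer exists after the first successful call.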