OAuth 2.0 Based SSO

    This page describes how OAuth 2.0 based SSO works and how to implement it.

    Figure 1 OAuth 2.0 based SSO between LINE WORKS and Client

    1. Use LINE WORKS services
      The user accesses the LINE WORKS web page in a web browser, or runs the LINE WORKS app or Drive Explorer, to use LINE WORKS services.

    2. Request Authorization Code
      If the user is not logged in to LINE WORKS, LINE WORKS requests an authorization code from the client.

    3. (If the user is not logged in to the client) Provide login page
      If the user is not logged in to the client system, the client provides its own login page to the user.

    4. Enter ID/PW
      The user enters the ID and password to log in to the system.

    5. Issue Authorization Code after authentication
      After confirming that the user has logged in with the ID and password entered, the client issues an authorization code.
      If the user is already logged in to the client system, the client issues an authorization code without going through steps 3 and 4.
      The authorization code must be a one-time code that expires after being used to return an access token.

    6. Return Authorization Code (redirect)
      The client system returns the authorization code by redirecting to the LINE WORKS authentication system's redirect_uri, which was included in the initial request for the authorization code.

    7. Request Access Token with Authorization Code
      LINE WORKS requests an access token from the client SSO system.

    8. Return Access Token
      After verifying the authorization code, the client SSO system issues an access token and returns it.

    9. Request user information with Access Token
      LINE WORKS requests the user information from the client SSO system, using the access token as a parameter.

    10. Return user information
      After verifying the access token, the client SSO system returns the user's externalKey.

    11. Issue authentication token
      Based on the user information, the LINE WORKS authentication system issues an authentication token for LINE WORKS.

    OAuth 2.0 Based API Authentication

    The authentication of LINE WORKS' IMAP/CalDAV is partially based on OAuth 2.0.

    Figure 2 OAuth 2.0 based API Authentication

    1. Run the LINE WORKS app after setting up ID/PW for IMAP
      The user runs the LINE WORKS app after setting up ID and password for LINE WORKS, using Outlook, native apps, etc.

    2. Request Authorization Code (API)
      LINE WORKS passes the user's ID and password to the client SSO system and requests an authorization code from it. All network connections must be secured with SSL.

    3. Issue Authorization Code After Verifying ID/PW
      After authenticating the user with the ID and password, the client SSO system issues an authorization code if the authentication is successful. It returns an error code if the authentication fails.

    4. Return Authorization Code
      As a response to the API request in step 2, the client SSO system returns an authorization code. If the authentication fails, it returns an error code.

    5. Request Access Token with Authorization Code
      LINE WORKS requests an access token from the client SSO system, using the authorization code as a parameter.

    6. Return Access Token
      After verifying the authorization code, the client SSO system issues an access token and returns it.

    7. Request user information with Access Token
      LINE WORKS requests user information from the client SSO system, using the access token as a parameter.

    8. Return user information
      After verifying the access token, the client SSO system returns the user's externalKey.

    9. Issue authentication token
      Based on the user information, LINE WORKS issues an authentication token for LINE WORKS.
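
    The client SSO system's part of both flows above (steps 5 to 10 of the SSO flow, steps 3 to 8 of the API flow) can be sketched as follows. This is an added example, not LINE WORKS code: it shows a one-time authorization code that is consumed on exchange and an access token that resolves to the user's externalKey. The class and method names, the in-memory store, the lifetimes and the sample key values are assumptions.

```python
import hashlib
import secrets
import time

CODE_TTL = 60      # seconds; assumed, the page only requires one-time use
TOKEN_TTL = 3600   # seconds; assumed


class ClientSSO:
    """In-memory sketch of the client SSO system (hypothetical names)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._codes = {}   # sha256(code)  -> (external_key, expires_at)
        self._tokens = {}  # sha256(token) -> (external_key, expires_at)

    @staticmethod
    def _digest(value):
        # Keep only digests, so a leaked store holds no usable code or token.
        return hashlib.sha256(value.encode()).hexdigest()

    def issue_code(self, external_key):
        """Issue a code; call only after the user has been authenticated."""
        code = secrets.token_urlsafe(32)
        self._codes[self._digest(code)] = (external_key, self._clock() + CODE_TTL)
        return code

    def exchange_code(self, code):
        """Verify the authorization code and return an access token."""
        # pop() removes the code in one step, so a replayed code finds nothing.
        entry = self._codes.pop(self._digest(code), None)
        if entry is None:
            raise PermissionError("unknown or already used authorization code")
        external_key, expires_at = entry
        if self._clock() > expires_at:
            raise PermissionError("expired authorization code")
        token = secrets.token_urlsafe(32)
        self._tokens[self._digest(token)] = (external_key, self._clock() + TOKEN_TTL)
        return token

    def user_info(self, token):
        """Verify the access token and return the user's externalKey."""
        entry = self._tokens.get(self._digest(token))
        if entry is None or self._clock() > entry[1]:
            raise PermissionError("invalid or expired access token")
        return entry[0]
```

    A production system would replace the dictionaries with a shared store whose delete-and-return operation is atomic, so that two concurrent exchanges of the same code cannot both succeed.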