Page 1 of 1

OAuth and OpenID implementation

Posted: 05 Jan 2018, 14:51
by jnsilver
Hi,
can you explain a little bit more how this works.

Can I combine it with other Authentication modes? For example: We have a domain where we use "Registration by the user" and want to add Authentication by OAuth via an iOS/Android APP.

The idea is to use OAuth to verify a user as valid and to grant access to use the Hotspot.

How about the assigned product for authentications by OAuth/OpenID? Will there be an option to select a product for these type of authentication?

Thanks
Jens

Re: OAuth and OpenID implementation

Posted: 08 Jan 2018, 15:02
by HSNMSupport
Hi,

the authentication process remain the same. You just have to configure, under system settings, the OAuth configuration and then enable it under domain configuration. At this point you will see, in the welcome portal, the possibility to register/connect using the OAuth.

Best Regards.

Re: OAuth and OpenID implementation

Posted: 10 Jan 2018, 16:28
by jnsilver
Hi,
Which product/product policy will be assigned to a user that uses OAuth? Is there a way to assign a specific product to such a user, especially if there are different products available?

Again the question: Is it possible to do the login process from an external ressource (like an iOS/Android APP) using the API?

Re: OAuth and OpenID implementation

Posted: 10 Jan 2018, 17:35
by HSNMSupport
Hi,

OAuth authentication follows the Social Login specification. So if a product is available with social login it will be available for OAuth as well.
Assignment of a specific product works as always.There must be a single product for that specific registration mode or a single free product in order to get it assigned to the user. Instead, if you have more then one product available for, in this case, social login user will have the usual screen to choose the prefered prodcut.

About login process from an external resource: Yes, technically is possible but you have to develop something that does everything that is done by the welcome portal. We already provide API to be able to create users, assign product to them etc... but all that manage this has to be developed by you in your APP.

In the Admin section of the HSNM, under the documentation menu, you can find examples about how to use API via VB.NET. VB.NET can be a language to use to develop your APP.

Best Regards.

Re: OAuth and OpenID implementation

Posted: 12 Jan 2018, 15:51
by jnsilver
Hi,
There is a question from my developers...
What methods of OAuth (Grant Types) does the system support or serve it as an identity provider?
Thanks.

Re: OAuth and OpenID implementation

Posted: 12 Jan 2018, 17:06
by HSNMSupport
Hi,
we use a client Grant Types in order to get the user identity.

Regards.

Re: OAuth and OpenID implementation

Posted: 05 Jun 2018, 13:23
by jnsilver
Hi,
Am I right that I can set the Custom OAuth Authentication only onces for all resellers, managers and domains?

I need to understand the communication flow between the client/client device, the captive portal (or the APP), the Mikrotik and the HSNM during a login. Is there some more information than in the manual?

Re: OAuth and OpenID implementation

Posted: 05 Jun 2018, 15:13
by HSNMSupport
Hi jnsilver,

yes, you are right.

About the communication flow:

1) user device connects to the gateway hotspot network;
2) gateway, through its configured html pages, redirect the user to the welcome portal (captive portal);
3) user enters its credentials through the login app;
4) login app sends credentials entered by the user to the gateway;
5) gateway, through a radius communication with HSNM Radius server, starts the authentication process using credentials obtained at point 4;
6) HSNM radius server processes the authentication request and, if credentials are correct, authenticates the user passing its connections parameters to the gateway.

Best Regards.

Re: OAuth and OpenID implementation

Posted: 07 Jun 2018, 16:55
by jnsilver
Hi,
Thank you for the explanation...

Our client wants to use an mobile APP that triggers the login. Is there a way to "bypass" the login portal?
Does the HSNM talk to the external system to check if a user is valid?

Re: OAuth and OpenID implementation

Posted: 08 Jun 2018, 17:27
by HSNMSupport
Hi jnsilver,

I'm sorry but it's not possible to do what your customer asked.

Best Regards.