Jump to content

You're browsing the 2004-2023 VATSIM Forums archive. All content is preserved in a read-only fashion.
For the latest forum posts, please visit https://forum.vatsim.net.

Need to find something? Use the Google search below.
PLEASE READ - Webmaster Support Forum
This forum will be retired in the near future. Please direct all queries to our dedicated GitHub support page https://github.com/vatsimnetwork/developer-info/discussions 
Here you can find documentation on our services and we are continuing to migrate pertinent information into the Wiki pages https://github.com/vatsimnetwork/developer-info/wiki

Welcome


Kieran Hardern
 Share

Recommended Posts

Kieran Hardern
Posted
Posted

Welcome to the VATSIM SSO Forum. We've put this here to detail how you can utilise the VATSIM SSO on your website and provide somewhere for updates & information about integration.

 

What is SSO?

 

The Single Sign On (SSO) allows external sites to log VATSIM members in, without that external site accepting VATSIM CID & p[Mod - Happy Thoughts]word combinations. Through SSO, members provide their details to VATSIM only and we authenticate you for that external site. This means that any authorised website can utilise VATSIM logins on their web pages.

 

OAuth

 

The SSO system is based of the OAuth 1.0a protocol. For those of you not familiar with OAuth, don't worry. Yes OAuth can be quite complex and painful, however I've done my best to make it simple for you. I have written and am providing some very simple demo code that you should literally be able to 'drop' onto your server, change config variables and get going. Additionally we'll provide a composer package for those of you who are familiar.

 

For those familiar with OAuth, there are a few important points to be aware of:

 

  • At present, this system provides one-time access to VATSIM details, immediately following the member logging in. Access keys that authorise details for longer periods are not currently utilised (and therefore we skip the access key generation in the current system as it's pointless)
  • At present, the amount of information you get when a member logs in is determined by the type of site you are, with vACC/ARTCC/Division/Region websites able to obtain more than non-VATSIM websites. At present you 'get what you are given' in terms of return data. I'll update you if there are any plans for that model to change.
  • We are utilising OAuth 1.0a and not 2.0 for a variety of reasons. Most importantly for security. This is a conscious and calculated decision, not just us living in the past . Many sites out there still utilise 1.0a instead of 2.0. I'm sure those of you that are interested can piece together why OAuth 1 is preferable to 2 for our purposes.

 

I am a developer and want to get started for my site

 

I've created a 'Getting Started' post, which is pinned and contains the links to forum posts that I think you should read (in the order I'd recommend). I'll keep that up to date with any relevant information for a starting developer.

 

 

I am a member that is logging into an external site... what should I know?

 

You should only provide your CID & P[Mod - Happy Thoughts]word to authorised pilot/controller clients or official VATSIM.net websites (at present you can also provide your p[Mod - Happy Thoughts]word to official Region/Division website). For any other site, they should send you to SSO (indeed some of the above may send you to SSO anyway). SSO is located here:

 

https://cert.vatsim.net/sso/

 

If it isn't the above site, it isn't the VATSIM SSO. Don't login there.

 

When you try to log in, the system will show you exactly which of your account details will be provided when you log in. It will ask you to confirm your login and that you are happy for these details to be shared. You can cancel your login at various stages.

 

 

Purpose of this forum

 

This forum is to provide you with information, to update you on the latest information and to identify any issues that might arise with external integration. Unfortunately, this is not a place whereby we will be providing support for your website - you will need a developer to make this happen for you. If you have an issue with the interaction with our system, we'll do our best to help you here, but the rest is up to you.

 

If you have general questions or comments, feel free to post them. I'm not trying to put people off posting, merely pointing out that

Link to comment
Share on other sites

  • Zach Biesse-Fitton unpinned this topic
Guest
This topic is now closed to further replies.
 Share