SSO/OIDC Quick Start

This page covers user sign-in via the A2Z/Personify Identity Provider.

When to Use This Flow

Use the OIDC flow when an exhibitor clicks Login in your application and needs to be authenticated as a user.

Minimum Authorize Request Parameters

| Parameter | Required | Notes |
| --- | --- | --- |
| client_id | Yes | OIDC client ID from onboarding |
| redirect_uri | Yes | Must be URL-encoded and whitelisted |
| response_type | Yes | Include code; documented example includes code token id_token |
| scope | Yes | Must include openid; include profile for email |
| prompt | Recommended | Use login |
| state | Yes | Carry event/session context |
| nonce | Yes | Replay protection |
| code_challenge | Recommended | PKCE challenge |
| code_challenge_method | Recommended | S256 |
| tenantId | Optional | Tenant-specific branding GUID |

Authorize Request Example

Note

Replace all YOUR_* values with onboarding-provided values for your application.

https://prod.personifyauth.com/connect/authorize?
client_id=YOUR_OIDC_CLIENT_ID
&prompt=login
&redirect_uri=YOUR_URL_ENCODED_REDIRECT_URI
&response_type=code%20token%20id_token
&scope=openid%20profile%20idp_api
&nonce=YOUR_NONCE
&state=YOUR_STATE
&code_challenge=YOUR_PKCE_CODE_CHALLENGE
&code_challenge_method=S256
&tenantId=YOUR_TENANT_BRANDING_GUID

Login Behavior

  1. Exhibitor is already in Event Portal and clicks into your application.
  2. Your application sends an OIDC authorize request to the IdP.
  3. IdP validates redirect_uri against whitelist.
  4. If the exhibitor already has a valid IdP session, redirect is immediate.
  5. If not, the exhibitor is prompted to log in, then redirected to your redirect_uri.

OIDC Response Values to Handle

  • code
  • id_token
  • access_token
  • token_type
  • expires_in
  • scope
  • state
  • session_state

Exhibitor Context After SSO

The Event Portal link does not identify which exhibitor context the user came from.

After callback, your application will have user identity (including email when profile is requested), but not a selected exhibitor.

Next step:

  1. Call exhibitor lookup by event and email:
    API Samples: Exhibitor Lookup by Event and Email
  2. If multiple exhibitors are returned for that user, you may want to provide a way for the user to choose which exhibitor to continue as:
    SSO/OIDC Deep Dive: Multi-Exhibitor Selection After Lookup

Critical Implementation Guidance

  • Read this first: Why Use a Generic redirect_uri
  • Put event context in state (event ID, transaction ID, or session token).
  • Parse state at callback and route user to the correct event context.
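
The following sketch is an added example, not code from A2Z/Personify. It builds the authorize request shown above with a fresh PKCE S256 challenge and nonce, and carries the event ID in a state value that can be checked for tampering at callback. The helper names, the HMAC-signed state layout, the `session_id` binding and `STATE_KEY` are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets
from urllib.parse import quote, urlencode

AUTHORIZE_URL = "https://prod.personifyauth.com/connect/authorize"
STATE_KEY = secrets.token_bytes(32)  # assumption: server-side secret; load a persistent one in real use

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _tag(body: str, session_id: str) -> str:
    msg = f"{session_id}.{body}".encode()
    return b64url(hmac.new(STATE_KEY, msg, hashlib.sha256).digest())

def make_state(event_id: str, session_id: str) -> str:
    """Carry event context in state, integrity-protected and bound to the browser session."""
    payload = {"event": event_id, "rnd": secrets.token_hex(8)}
    body = b64url(json.dumps(payload).encode())
    return f"{body}.{_tag(body, session_id)}"

def parse_state(state: str, session_id: str) -> dict:
    """Check the tag before trusting anything inside state; raise on mismatch."""
    body, _, tag = state.partition(".")
    if not hmac.compare_digest(tag.encode(), _tag(body, session_id).encode()):
        raise ValueError("state failed integrity check")
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))

def build_authorize_request(client_id, redirect_uri, event_id, session_id, tenant_id=None):
    """Return (url, values_to_store); keep the second value in the server-side session."""
    verifier = b64url(secrets.token_bytes(32))  # 43-character PKCE code_verifier
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())  # S256
    nonce = b64url(secrets.token_bytes(16))
    params = {
        "client_id": client_id,
        "prompt": "login",
        "redirect_uri": redirect_uri,
        "response_type": "code token id_token",  # as in the page's example
        "scope": "openid profile idp_api",       # as in the page's example
        "nonce": nonce,
        "state": make_state(event_id, session_id),
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    if tenant_id:
        params["tenantId"] = tenant_id
    url = AUTHORIZE_URL + "?" + urlencode(params, quote_via=quote)  # spaces become %20
    return url, {"code_verifier": verifier, "nonce": nonce}
```

At callback, pass the returned state through `parse_state` before routing on the event ID, compare the nonce claim in the id_token with the stored nonce, and send the stored `code_verifier` when exchanging the code.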