Getting Started with SSO
Edlink provides support for OAuth 2.0 and OpenID Connect (OIDC) protocols, enabling seamless and secure authentication and authorization for applications. This document provides an overview of how Edlink supports these protocols and outlines the key features and endpoints involved.
At the outset, it is worth noting that while Edlink is technically the identity provider for your application, we are not the root identity provider for your users. This means that your users will not have to create a new account with Edlink to use your application. Instead, they will use their existing credentials from their identity provider (e.g., Google, Microsoft, etc.) to authenticate with your application via Edlink.
Edlink handles the abstraction between the institution's identity provider and your application, allowing you to focus on building your application rather than the complexities of integrating with multiple identity providers. This includes support for LTI 1.1 and 1.3, OIDC, Clever, ClassLink, and more. That is, by integrating with Edlink's SSO endpoints, you automatically support a wide range of identity providers without any additional code.
This document covers the connection between your application and Edlink. For information on how to integrate with Edlink's supported identity providers, please refer to the relevant documentation.
Comparing OAuth 2.0 with OIDC
OAuth 2.0 and OpenID Connect (OIDC) are closely related: OIDC is an identity layer built on top of the OAuth 2.0 protocol. Both use the same authorization code flow and share the authorization and token endpoints. The main difference is that OIDC additionally returns a signed ID token that identifies the user, whereas plain OAuth 2.0 only grants an access token that your application must then present to an API to learn who the user is.
Why you might want to use OAuth 2.0
- In Edlink's opinion, OAuth 2.0 is a simpler protocol to understand and implement.
- OAuth 2.0 is more widely used than OIDC, so you may find more resources and libraries available to help you implement it.
Why you might want to use OIDC
- It allows your application to verify the identity of end-users by validating a JSON Web Token (JWT) issued by Edlink. This may save you an API call to the `/api/v2/my/profile` endpoint that you would otherwise need to make to identify the user.
- Edlink wraps OAuth 2.0 responses in a `$data` variable, which is technically non-standard. When we built our OIDC functionality, we made sure that responses were more standardized and easier to work with.
- Many platforms (like AWS Cognito) support OIDC out of the box, making it easier to integrate with Edlink.
- OIDC builds in security features that plain OAuth 2.0 leaves to the implementer, such as the signed ID token, the `nonce` parameter that binds that token to the browser session that started the login, and a standardized login initiation endpoint. Together these help defend against token substitution, replay, and certain man-in-the-middle attacks.
Implementing SSO with Identity Management Platforms
Many Edlink clients use identity management platforms to facilitate account management and SSO. Some common examples include AWS Cognito, Auth0, and Firebase. In order to help you get up and running, we've put together some guides on how to integrate Edlink with these platforms.
If you don't see your identity management platform listed here, don't worry! Edlink's SSO endpoints follow the OIDC standard, so any platform that can federate to a generic OIDC provider should work with them. If you need help integrating with a different platform, please reach out to our support team.
| Identity Management Platform |
|---|
| AWS Cognito Setup |
| Auth0 Setup |
| Firebase Setup |
| Keycloak Setup |
| NextAuth Setup |
| Supabase Setup |