Below are the instructions for connecting an SSO authentication service to the Chemwatch mobile application. Your IDP service must support the OAuth 2.0 PKCE or OIDC protocol for authentication and authorisation.

For integration with your service, we need the following information: 

  1. clientId (sometimes called client credentials).

  2. clientSecret (client credentials, if you are using an IDP that requires the use of a client secret).

  3. authorizeUrl. 

  4. accessTokenUrl. 

  5. userInfoUrl. 

  6. Add our redirect URL: net.chemwatch.walkabout://oauth2redirect.

  7. You can also specify the scope that should be available for getting information about the user and select the exact field representing the username.

  8. If you have guest user credentials, please provide us with a temporary SSO username and password to test it; this may speed up the SSO setup process.

Listed below are some tips for existing IDPs outlining the steps needed to be done on that specific platform. Please keep in mind that if you are using a custom IDP and it requires certain actions beyond the standard OAuth2.0 protocol, you will need to provide the complete data yourself.
Currently our application is configured to work primarily with OAuth2.0 PKCE and also has OIDC support.

Specific to MS Azure (Microsoft Entra ID)

1. When registering the Smarter Suite app in Azure, the optional redirect field must be selected as a public client/native (mobile & desktop) app for mobile apps. Mobile apps have a different redirect URL structure and always start with customScheme://. It needs to be exactly net.chemwatch.walkabout://oauth2redirect. Otherwise, the mobile app won't work with your AzureAD setup. Please see the below image for your reference.

...

2. If you didn’t specify the redirect URL when registering the app as above, please add the net.chemwatch.walkabout://oauth2redirect URL to the AzureAD console as an allowed redirect, or else our app will fail the AzureAD security check on login. This can be done in the "Authentication" section which should be second from the top under the “Manage” menu in the left pane.

...

On the "Authentication" screen, please add the mobile and desktop apps category (1). After that, it will be possible to add net.chemwatch.walkabout://oauth2redirect as a redirect URL here (2). It is extremely important to add the correct redirect URL, otherwise the Smarter Suite app will not be able to receive a response from your IDP.

...


3. In the “API permissions”, you need to add "email" from Microsoft Graph (delegated permissions) because we use the user's email address for authentication purposes. Please see the below image for your reference. If you would like to use OIDC instead of OAuth2.0 PKCE — you must also add the openid permission from the same Graph section.

...

4. Please take a look at the screenshot below. We marked several zones with numbers so you can understand where to get the relevant data.
authorization URL — number 1
accessToken URL — number 2
userInfo URL — number 3

...

For OIDC users only — please let us know the following endpoint: OpenID Connect metadata document.

...

Specific to Google Workspace

...