Support for OAuth2 login

Introduction

Talis supports authentication using OAuth2 login.  This allows a system that doesn't use SAML to be connected to Talis products and for Talis to defer login authentication and authorisation to your university system.

Prerequisites

You OAuth2 authentication system should support the return of an id token in it's response.

Lead Time

Talis need to write some custom code to enable and configure OAuth2 for you and this requires a minimum 3 week turnaround to be scheduled. We can often deliver more quickly than that, but this allows for contingency in case of any issues when testing.

You should be aware that this work has a project timeline risk. Timelines to completion are sometimes outside of our direct control. Our experience tells us that not all OAuth2 systems are implemented in the same way, and for one customer system, it required them to fix their system to correctly support OAuth2 id tokens. 

Setup

You need to tell us the following pieces of information

• The OAuth2 endpoint of your system, for example: https://identity.uni.tld/oauth/authorize
• The OAuth2 token endpoint of your system, for example: https://identity.uni.tld/oauth/token
• The Consumer Key
• The Consumer Secret
• The JWT Signing Secret
• The signature method, for example: HMAC-SHA1

Your system will need to be configured with the following callback URLs

• EU and APAC

  • http://login.talisaspire.com/consume
    https://login.talisaspire.com/consume

• CA

  • http://login.ca.talis.com/consume
    https://login.ca.talis.com/consume

Your system needs to be sharing the following information with us in the id token. we will use this information to ensure that the product is personalised for the user and that they are using only the official University email address. You can read more about privacy and our GDPR compliance at https://talis.com/gdpr.

urn:oid:1.3.6.1.4.1.5923.1.1.1.10

urn:oid:2.5.4.42

urn:oid:2.5.4.4

urn:oid:0.9.2342.19200300.100.1.3