Overview
Token Exchange is a custom Single Sign-On method. University systems send GradesFirst a security token and user id. GradesFirst responds with an authentication token which can be used to authenticate a user to the system.
...
- A user logs into a university system, such as a web portal which displays a dashboard of online services including email, course information, and a link to GradesFirst.
- The user clicks the link to access GradesFirst. This references a script on the university server that has access to the user's authentication information, namely their user id.
- The university server sends the user id along with a security token to GradesFirst.
  - Template Request
    https://<School Sub-domain>.gradesfirst.com/cas/schools/<School ID>/reverse_session/new?<Security Token Parameter Name>=<Security Token>&<User ID Parameter Name>=<User ID>
  - Example Request
    https://myschool.gradesfirst.com/cas/schools/1234-my_school/reverse_session/new?security_token=df8fdbd5900d3fca7c5c76a1fcb881d5&user_id=my-username
- If the security token is verified and the specified user id is found, GradesFirst returns an HTTP 200 response with one of two values: the authentication token or the full return URL including the token as a parameter. This setting can be configured by GradesFirst Support.
  Examples:
  - Authentication Token: df8fdbd5900d3fca7c5c76a1fcb881d5
  - Full Return URL: https://myschool.gradesfirst.com/cas/schools/1234-my_school/reverse_session?token=df8fdbd5900d3fca7c5c76a1fcb881d5
- If the security token is not verified or the specified user id is not found, GradesFirst returns an HTTP 404 (not found) response.
- If a parameter is missing, GradesFirst returns an HTTP 500 response.
- The university server receives the authentication token.
- The university server redirects the user's browser back to GradesFirst, including the authentication token in the URL.
  - Template Request
    https://<School Sub-domain>.gradesfirst.com/cas/schools/<School ID>/reverse_session?<Token Parameter Name>=<Token>
  - Example Request
    https://myschool.gradesfirst.com/cas/schools/1234-my_school/reverse_session?token=df8fdbd5900d3fca7c5c76a1fcb881d5
- GradesFirst validates the authentication token, logs the user into the appropriate user account, and displays their GradesFirst home page.
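
The university-server side of the steps above, as an added Python example (not GradesFirst's own code): it builds the exchange request and turns the HTTP 200, 404 or 500 response into the browser redirect. The function names, the default parameter names, and the check that a returned URL points at the expected endpoint are assumptions; the sample values are the ones from the example requests above.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Sample values copied from the page's example requests.
SUBDOMAIN = "myschool"
SCHOOL_ID = "1234-my_school"
BASE = f"https://{SUBDOMAIN}.gradesfirst.com/cas/schools/{SCHOOL_ID}/reverse_session"


class ExchangeError(Exception):
    """Raised when the exchange response cannot be turned into a redirect."""


def build_exchange_url(security_token, user_id,
                       token_param="security_token", user_param="user_id"):
    # Server-to-server request, so the security token never reaches the browser.
    # urlencode() escapes characters such as '&' or '=' in the user id so they
    # cannot add or override query parameters.
    return f"{BASE}/new?" + urlencode({token_param: security_token,
                                       user_param: user_id})


def redirect_from_response(status, body, token_param="token"):
    # 404: token not verified or user id not found; 500: missing parameter.
    if status != 200:
        raise ExchangeError(f"exchange failed with HTTP {status}")
    value = body.strip()
    if value.startswith("https://"):
        # "Full return URL" mode: redirect only if the URL points at the
        # expected GradesFirst endpoint and carries a token.
        parts, expected = urlsplit(value), urlsplit(BASE)
        if (parts.netloc, parts.path) != (expected.netloc, expected.path):
            raise ExchangeError("return URL does not match expected endpoint")
        if not parse_qs(parts.query).get(token_param):
            raise ExchangeError("return URL carries no token")
        return value
    # "Authentication token" mode: build the redirect URL ourselves.
    if not value:
        raise ExchangeError("empty authentication token")
    return f"{BASE}?" + urlencode({token_param: value})
```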
...