OpenID Connect Overview

For Ruby Applications

One of our partners, Bonusly, has pulled their code into a gem so that it’s easy to reuse. It’s available for your reference at https://github.com/bonusly/bamboo-id.

Let’s get started

The back-end workflow would look something like the following:

  1. The BambooHR user would log in to the Partner Application and navigate to the BambooHR integration configuration screen.
  2. The BambooHR user would be prompted to provide the BambooHR subdomain (if their login URL was https://company.bamboohr.com, their subdomain would be “company”).
  3. The Partner Application would direct the user to BambooHR for authentication. BambooHR will know if the user should log in using their standard BambooHR login credentials, Google login, or be directed to a third party SAML IdP. Once authenticated, BambooHR will pass an auth code back to the Partner Application.
  4. The Partner Application’s servers will then request an ID Token from BambooHR’s servers using the auth code received in the previous step.
  5. BambooHR’s servers will then provide an ID Token for that user back to the Partner Application.
  6. Using the provided ID Token together with the issued Application Key, the Partner Application will then use the OpenID Connect Login API to retrieve the API Key of the user.
  7. BambooHR will generate and send the API Key of the authenticated user back to the Partner Application.
  8. The Partner Application should store and use that API Key for the integration and all API requests going forward.
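
The partner-side checks around steps 2 and 3, as an added example (not BambooHR's or Bonusly's code): the user-supplied subdomain is validated before it becomes a hostname, and the returned auth code is accepted only with a matching state value. The endpoint path is a placeholder; the query parameters are the standard OpenID Connect authorization-request parameters, and client_id, redirect_uri and all function names are assumptions.

```ruby
require "securerandom"
require "uri"
require "openssl"

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
SUBDOMAIN_RE = /\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/
# Placeholder (assumption): the page does not give the endpoint path.
AUTHORIZE_PATH = "/AUTHORIZE_ENDPOINT_PLACEHOLDER"
StateMismatch = Class.new(StandardError)

# Step 2: accept only a bare subdomain, so input such as "evil.example/"
# cannot change the host the user is redirected to (step 3) or the host
# the server later requests the ID Token from (step 4).
def bamboo_host(subdomain)
  label = subdomain.to_s.strip.downcase
  raise ArgumentError, "invalid BambooHR subdomain" unless SUBDOMAIN_RE.match?(label)
  "#{label}.bamboohr.com"
end

# Step 3: build the redirect URL plus a random state value that the
# caller stores in the user's session before redirecting.
def authorization_request(subdomain, client_id:, redirect_uri:)
  state = SecureRandom.urlsafe_base64(32)
  query = URI.encode_www_form(response_type: "code", scope: "openid",
                              client_id: client_id,
                              redirect_uri: redirect_uri, state: state)
  url = URI::HTTPS.build(host: bamboo_host(subdomain),
                         path: AUTHORIZE_PATH, query: query).to_s
  { url: url, state: state }
end

# End of step 3: accept the auth code only if the returned state matches
# the one stored in the session (constant-time comparison).
def callback_code(params, session_state)
  returned = params["state"].to_s
  ok = !session_state.to_s.empty? && OpenSSL.secure_compare(returned, session_state)
  raise StateMismatch, "state does not match this session" unless ok
  code = params["code"].to_s
  raise ArgumentError, "missing auth code" if code.empty?
  code
end
```

The same validated host from bamboo_host should be reused for the server-to-server requests in steps 4 and 6, so the user's input is never interpolated into a URL a second time.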

Here’s a 30 second video that shows the user flow