SSO Server (sso.gerege.mn)
OpenID Connect 1.0 provider — e-ID Mongolia смарт картаар баталгаажуулна.
Нээлттэй — бүх 3-р талын platform-д
sso.gerege.mn нь аливаа систем, platform, апп-д нээлттэй.
developer.gerege.mn дээр app бүртгүүлж client_id авахад хангалттай.
OIDC Endpoints
| Endpoint | URL |
|---|---|
| Discovery | /.well-known/openid-configuration |
| Authorization | /oauth/authorize |
| Token | /oauth/token |
| UserInfo | /oauth/userinfo |
| JWKS | /.well-known/jwks.json |
| Introspect | /oauth/introspect |
| Revoke | /oauth/revoke |
Дэмждэг scopes
| Scope | Тайлбар |
|---|---|
openid | Заавал — sub, iss, aud |
profile | name, given_name, family_name, cert_serial |
pos | POS Plugin API — tenant_id, tenant_role, plan |
social | Social Commerce API |
payment | Payment API |
ID Token Claims
{
"sub": "eid-12345678",
"name": "БАТБОЛД Ганбаатар",
"given_name": "Ганбаатар",
"family_name": "БАТБОЛД",
"cert_serial": "ABC123DEF456",
"identity_assurance_level": "high",
"amr": ["eid"],
"tenant_id": "t_abc123",
"tenant_role": "owner",
"plan": "pro"
}
Тохиргоо (Environment)
| Variable | Тайлбар |
|---|---|
SSO_ISSUER | Issuer URL (https://sso.gerege.mn) |
SSO_PRIVATE_KEY_PATH | EC private key path |
DATABASE_URL | PostgreSQL connection string |
REDIS_URL | Redis connection string |
EID_BASE_URL | e-ID Mongolia API URL |