📖 Casso Accounts SSO Integration Guide
Overview
This document describes how applications can integrate with the Casso Accounts Single Sign-On (SSO) system.
Base URLs
Environment:
- Casso Accounts: https://dev.accounts.casso.vn/
- Casso Resource API: https://dev.resource.casso.vn/
Step 1: Insert OAuth Client to Database
Before starting the authentication flow, you need to insert your OAuth client into the Casso Accounts database.
- Host: 180.93.182.53
- Port: 3306
- Database Name: cassoaccountdev
- User: your-db-username
- Password: your-db-password
```sql
INSERT INTO oauth_client
  (name, logo, client_id, client_secret, redirect_uri, grant_types, `scope`)
VALUES (
  'Casso Wallet',
  'https://casso.vn/wp-content/uploads/2025/05/casso-logo.svg',
  '2bc94367-efad-4acf-af9a-3986a29e7de3',
  '8a5052f2-09d2-4519-9d9e-e71cd39a243a',
  'http://localhost:8080',
  'authorization_code,token,refresh_token',
  'openid'
);
```
Step 2: Authentication Flow
- User clicks “Login with Casso Accounts” on your application.
- Redirect user to the login page:
  GET https://dev.accounts.casso.vn/login?
  client_id=YOUR_CLIENT_ID&
  redirect_uri=YOUR_REDIRECT_URI&
  response_type=code
- After login, user is redirected back to your redirect_uri with a code parameter.
- Exchange the code for a token:
  POST https://dev.accounts.casso.vn/token
  - Headers:
    Authorization: Basic BASE64(client_id:client_secret)
    Content-Type: application/x-www-form-urlencoded
  - Body:
    code=RECEIVED_CODE
    redirect_uri=YOUR_REDIRECT_URI
    grant_type=authorization_code
- Use the access_token to call user info API:
  GET https://dev.resource.casso.vn/api/v1/users/me
  - Headers:
    Authorization: Bearer ACCESS_TOKEN
    device-id: BROWSER.FINGERPRINT
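The requests from Step 2, built as plain values so the encoding of each part is visible. This is an added example, not Casso's own code: the function names are illustrative, and it assumes a Node.js backend, which is where the token exchange belongs because it carries client_secret.

```javascript
// Added example: builds each request of the flow without sending it.
// Endpoints and parameter names come from this guide; function names are illustrative.
const ACCOUNTS = "https://dev.accounts.casso.vn";
const RESOURCE = "https://dev.resource.casso.vn";

// Login redirect: URLSearchParams percent-encodes redirect_uri for the query string.
function buildLoginUrl(clientId, redirectUri) {
  const query = new URLSearchParams({
    client_id: clientId,
    redirect_uri: redirectUri,
    response_type: "code",
  });
  return `${ACCOUNTS}/login?${query}`;
}

// Callback: extract the code parameter, failing loudly if it is absent.
function readCallbackCode(callbackUrl) {
  const code = new URL(callbackUrl).searchParams.get("code");
  if (!code) throw new Error("callback has no code parameter");
  return code;
}

// Token exchange: runs on the backend because it carries client_secret.
function buildTokenRequest(clientId, clientSecret, code, redirectUri) {
  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString("base64");
  return {
    method: "POST",
    url: `${ACCOUNTS}/token`,
    headers: {
      Authorization: `Basic ${basic}`,
      "Content-Type": "application/x-www-form-urlencoded",
    },
    // redirect_uri must be the same value that was sent to /login.
    body: new URLSearchParams({
      code,
      redirect_uri: redirectUri,
      grant_type: "authorization_code",
    }).toString(),
  };
}

// User info: bearer token plus the device-id header (BROWSER.FINGERPRINT).
function buildUserInfoRequest(accessToken, deviceId) {
  return {
    method: "GET",
    url: `${RESOURCE}/api/v1/users/me`,
    headers: { Authorization: `Bearer ${accessToken}`, "device-id": deviceId },
  };
}
```

Each returned object can be passed to any HTTP client; keeping the builders free of network calls also makes them easy to unit-test.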
Endpoints Summary
1. Login
- URL: https://dev.accounts.casso.vn/login
- Method: GET
- Query Parameters:
| Name | Required | Description |
|---|---|---|
| client_id | ✅ | Client ID issued to your app |
| redirect_uri | ✅ | Where user is redirected after login |
| response_type | ✅ | Must be code |
2. Token Exchange
- URL: https://dev.accounts.casso.vn/token
- Method: POST
- Headers:
  Authorization: Basic BASE64(client_id:client_secret)
  Content-Type: application/x-www-form-urlencoded
- Body Parameters:
| Name | Required | Description |
|---|---|---|
| code | ✅ | Code from redirect |
| redirect_uri | ✅ | Same as initial redirect_uri |
| grant_type | ✅ | Must be authorization_code |
3. User Info
- URL: https://dev.resource.casso.vn/api/v1/users/me
- Method: GET
- Headers:
  Authorization: Bearer ACCESS_TOKEN
  device-id: BROWSER.FINGERPRINT
4. Sign Up
- URL: https://dev.accounts.casso.vn/signup
- Method: GET
- Description: Redirect to signup page for new users
Fingerprint Example (React + ThumbmarkJS)
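```javascript
import { useEffect, useState } from "react";
import { getFingerprint, getFingerprintData } from "@thumbmarkjs/thumbmarkjs";

// Hook wrapper (name is illustrative) so the snippet is self-contained:
// returns the device-id header value, or null until it has been computed.
export function useDeviceId() {
  const [deviceId, setDeviceId] = useState(null);

  useEffect(() => {
    const loadFingerprint = async () => {
      const fingerprint = await getFingerprint();
      const data = await getFingerprintData();
      // device-id format: BROWSER.FINGERPRINT
      const id = `${data.system.browser.name}.${fingerprint}`;
      setDeviceId(id);
    };
    loadFingerprint();
  }, []); // run once on mount

  return deviceId;
}
```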
Notes
- Use consistent environment variables for clientId, clientSecret, redirectUri, and access_token.
- Ensure proper error handling and fallback for token expiry.
- Placeholder logo and ID values should be replaced in production.
- scope defaults to openid. Other scopes like email, profile can be added later.