Togo ID is an identity server that complies with the popular and widely used OpenID Connect 1.0 and OAuth 2.0 authorization framework. These open standard protocols facilitate authentication and authorization of applications during login in a secure workflow for accessing end-user data while protecting their account credentials.
Togo ID offers the following features in your applications:
Authentication as a Service
Centralized login logic and workflow for all of your applications (web, native, mobile).
Single Sign-on / Sign-out
Single sign-on (and out) over multiple application types and organizations using a single account credential.
Access Control for APIs
Issue tokens for APIs for various types of clients, e.g. web applications, SPAs, and native/mobile apps.
Besides asserting the user's identity with an ID token, the Togo ID server can release consented information (claims) about the user client apps. These claims are included in the ID token.
This guide is aimed at an individual or team responsible for implementing Togo applications and integrating Togo ID with all other corporate or partner systems.
- Raise an integration request
- Choose an OAuth 2.0 flow and obtain your client ID and secret
- Validate your access token
On the Togo RVTogo RV - A mobile app to log RV maintenance and service checks, get registration renewal alerts, reference convenient checklists for RV travel plans, and more. and Togo FleetTogo Fleet - A digital platform for RV rental operations, booking, and fleet management. login screen, the user is presented with an option to create a Togo ID or sign in to the application using their Togo ID credentials.
Information collected from the users is their first name, last name, and email. Further, the user must consent to the Terms of Service. The optional field on the login page is consent to marketing. If your system requires additional properties about users, you will have to collect these values post-registration.
The Togo ID server does its own validation of emails. When users sign up, they are sent an email to validate the email address. When they click the link in the email, their account is validated.
The Togo ID server allows each client to specify whether they permit unvalidated emails to log in or not. The default value is “no” to avoid security holes like account hijacking. There are, however, some systems that need to collect additional user data before email validation (marketing lead generation for example), so Togo ID can, upon request, allow unvalidated emails to log in.
Togo ID also supports the
email_verified boolean property, allowing client systems to make their own decisions based on validation status, and collect additional user properties, if required.
Updated 10 months ago
|Integrate with Togo ID|