Skip to content

Single Sign-On technical overview

This text provides technical information about PEACH Single Sign-On (also references as Identity provider or IDP). For a more general overview see the products section

Modes of operation

  • As a web application

The EBU IDP comes with a HTML rendering engine (ejs) and can be deployed as a visible web service to have a login server for users to use.

  • API-only usage

It's possible to deploy the IDP without the need for users to use it directly, signup and usage can be done by using the API from another web application.


We use sequelize to abstract database access. Currently we support MySQL/MariaDB, Postgres and sqlite with migrations and everything else for safe operations. sqlite should not be used for production environments as it only supports very light usage.

Cloud deployment

We have docker-Images ready on our docker registry service. Prebuild definitions for docker-compose are available for orchestration, and we have terraform receipes ready for deployment in AWS environments.

Workflows and usage information

  • CPA: A protocol to allow device paring on devices with very limited ways of input, like Smart TVs. Details can be found on the CPA page.
  • oauth2: We support the oauth2 protocol for authorisation. Currently there is no support for OpenID.
  • authentification can done via custom endpoints that include HTTP sessions and JWT.
  • account types: A so-called local login stores credentials in the local databases. Also supported is a signup with the services from Google, Facebook and Apple.