Skip to content

Add Auto SSO docs #873

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
shraddha-kesari wants to merge 3 commits into
base: gh-pages
Choose a base branch
from
Open

Add Auto SSO docs #873

Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
c932017
Add auto sso docs
shraddha-kesari Oct 20, 2021
b617e29
Add more info to auto sso
shraddha-kesari Oct 20, 2021
bae0e22
Add more info to auto sso
shraddha-kesari Oct 20, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
60 changes: 59 additions & 1 deletion tutorial/sso-login.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -142,7 +142,65 @@ const loginHandler = async e => {
![Malibu Running]({{"images/sso-login.gif" | absolute_url}})


To logout a user, the application can make a GET request on `/api/auth/v1/logout` or call `logout` function from` @quintype/bridgekeeper-js`. As a result, the user will be logged out on all domains. An application can determine if the user is logged in or has logged out as before, by making a GET request to Bridgekeeper on `/api/auth/v1/users/me` or `getCurrentUser()` from `@quintype/bridgekeeper-js` library.
To logout a user, the application can make a GET request on `/api/auth/v1/logout` or call `logout` function from` @quintype/bridgekeeper-js`. As a result, the user will be logged out on all domains. An application can determine if the user is logged in or has logged out as before, by making a GET request to Bridgekeeper on `/api/auth/v1/users/me` or `getCurrentUser()` from `@quintype/bridgekeeper-js` library.

### Auto SSO
This is similiar to the login workflow explained above. The difference is in the API and the login flow. In this, the User will be `logged-in` without clicking on login button or Avatar, if they are already `logged-in` in the other sub-domain. By default, this feature is disabled. Enabling, might affect the performance because of multiple redirects.

#### Workflow

1. When the user clicks on login on the client domain, the client application should make a GET request to Bridgekeeper on `/api/auth/v1/oauth/auto-sso/authorize` with query params as follows:

```
client_id=INTEGRATION_ID
redirect_uri=CONFIGURED_REDIRECT_URI
callback_uri=ORIGINAL_PAGE_TO_REDIRECT_USER
response_type=code
```

Example :


```javascript
const publisherAttributes = useSelector(state => get(state, ["qt", "config", "publisher-attributes"], {}));
const clientId = get(publisherAttributes, ["sso_login", "client_id"], "");
const redirectUrl = domainSlug
? get(publisherAttributes, ["sso_login", "subdomain", domainSlug, "redirect_Url"], "")
: get(publisherAttributes, ["sso_login", "redirect_Url"], "");

```
```
<a href="/api/auth/v1/oauth/auto-sso/authorize?client_id=${clientId}&redirect_uri=${redirectUrl}&callback_uri=${uri}&response_type=code">
Copy link
Contributor

@Athira001 Athira001 Oct 20, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

here we need to click it right? it should call when the page loads. And explain about the response 'logged_in=false'

Copy link
Contributor Author

@shraddha-kesari shraddha-kesari Oct 20, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We do not need to click on the login button if already logged in another domain.
Yeah, will add about the response.


```
**Note : ** To enable this feature, Go to [BlackKnight](https://black-knight.quintype.com/ "BlackKnight") `/app/config/publisher.yml`, add `auto_sso: <value>` under publisher. Example :

```
...
...
publisher:
...
auto_sso:
is_enable: true

```

We are keeping `clientId, redirectUrl and the default callbackUrl` in [BlackKnight](https://black-knight.quintype.com/ "BlackKnight"). The `redirect_uri` will be different for different domains. Go to [BlackKnight](https://black-knight.quintype.com/ "BlackKnight") `/app/config/publisher.yml`, add `sso_login: <value>` under publisher. Example :

```
...
...
publisher:
...
sso_login:
redirect_Url: "<CLIENT_DOMAIN>>/api/auth/v1/oauth/token" // Need to configure with Bridgekeeper DB
callback_Url: "<PAGE_TO_REDIRECT_USER>"
client_id : "<INTEGRATION_ID>" // Id of the integration linked to the realm to be authorized for
subdomain:
voices:
redirect_Url: "<SUB_DOMAIN>/api/auth/v1/oauth/token" // Need to configure with Bridgekeeper DB
callback_Url: "<PAGE_TO_REDIRECT_USER>"
```


### Social Login
Expand Down