Skip to content

Add Auto SSO docs #873

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
shraddha-kesari wants to merge 3 commits into
base: gh-pages
Choose a base branch
from
Open

Add Auto SSO docs #873

Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
c932017
Add auto sso docs
shraddha-kesari Oct 20, 2021
b617e29
Add more info to auto sso
shraddha-kesari Oct 20, 2021
bae0e22
Add more info to auto sso
shraddha-kesari Oct 20, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
58 changes: 58 additions & 0 deletions tutorial/sso-login.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -144,6 +144,64 @@ const loginHandler = async e => {

To logout a user, the application can make a GET request on `/api/auth/v1/logout` or call `logout` function from` @quintype/bridgekeeper-js`. As a result, the user will be logged out on all domains. An application can determine if the user is logged in or has logged out as before, by making a GET request to Bridgekeeper on `/api/auth/v1/users/me` or `getCurrentUser()` from `@quintype/bridgekeeper-js` library.

### Auto SSO
This is similiar to the login workflow explained above. The difference is in the API and the login flow. In this, the User will be `logged-in` without clicking on login button or Avatar, if they are already `logged-in` in the other sub-domain. By default, this feature is disabled. Enabling, might affect the performance.
Copy link
Contributor

@ags1773 ags1773 Oct 20, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can also mention in one line how it'll affect perf.. because of multiple redirects

Copy link
Contributor Author

@shraddha-kesari shraddha-kesari Oct 20, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay. Sure.


#### Workflow

1. When the user clicks on login on the client domain, the client application should make a GET request to Bridgekeeper on `/api/auth/v1/oauth/auto-sso/authorize` with query params as follows:

```
client_id=INTEGRATION_ID
redirect_uri=CONFIGURED_REDIRECT_URI
callback_uri=ORIGINAL_PAGE_TO_REDIRECT_USER
response_type=code
```

Example :


```javascript
const publisherAttributes = useSelector(state => get(state, ["qt", "config", "publisher-attributes"], {}));
const clientId = get(publisherAttributes, ["sso_login", "client_id"], "");
const redirectUrl = domainSlug
? get(publisherAttributes, ["sso_login", "subdomain", domainSlug, "redirect_Url"], "")
: get(publisherAttributes, ["sso_login", "redirect_Url"], "");

```
```
<a href="/api/auth/v1/oauth/auto-sso/authorize?client_id=${clientId}&redirect_uri=${redirectUrl}&callback_uri=${uri}&response_type=code">
Copy link
Contributor

@Athira001 Athira001 Oct 20, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

here we need to click it right? it should call when the page loads. And explain about the response 'logged_in=false'

Copy link
Contributor Author

@shraddha-kesari shraddha-kesari Oct 20, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We do not need to click on the login button if already logged in another domain.
Yeah, will add about the response.


```
**Note : ** To enable this feature, Go to [BlackKnight](https://black-knight.quintype.com/ "BlackKnight") `/app/config/publisher.yml`, add `auto_sso: <value>` under publisher. Example :

```
...
...
publisher:
...
auto_sso:
is_enable: true

```

We are keeping `clientId, redirectUrl and the default callbackUrl` in [BlackKnight](https://black-knight.quintype.com/ "BlackKnight"). The `redirect_uri` will be different for different domains. Go to [BlackKnight](https://black-knight.quintype.com/ "BlackKnight") `/app/config/publisher.yml`, add `sso_login: <value>` under publisher. Example :

```
...
...
publisher:
...
sso_login:
redirect_Url: "<CLIENT_DOMAIN>>/api/auth/v1/oauth/token" // Need to configure with Bridgekeeper DB
callback_Url: "<PAGE_TO_REDIRECT_USER>"
client_id : "<INTEGRATION_ID>" // Id of the integration linked to the realm to be authorized for
subdomain:
voices:
redirect_Url: "<SUB_DOMAIN>/api/auth/v1/oauth/token" // Need to configure with Bridgekeeper DB
callback_Url: "<PAGE_TO_REDIRECT_USER>"
```


### Social Login
For social login we can use `withFacebookLogin, withGoogleLogin, withAppleLogin` from `@quintype/bridgekeeper-js` library. We need to pass `redirectUrl` as `https://<auth-domain>/api/auth/v1/oauth/authorize?client_id=<integration-id>&response_type=code&redirect_uri=<redirect-url>&callback_uri=<callback-url>`
Expand Down