From c932017154abe1534a0228f7757fe84db87d27b0 Mon Sep 17 00:00:00 2001
From: Shraddha Kesari
Date: Wed, 20 Oct 2021 12:39:28 +0530
Subject: [PATCH 1/3] Add auto sso docs
---
 tutorial/sso-login.md | 58 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
diff --git a/tutorial/sso-login.md b/tutorial/sso-login.md
index 96b3a370..1a049a8a 100644
--- a/tutorial/sso-login.md
+++ b/tutorial/sso-login.md
@@ -144,6 +144,64 @@ const loginHandler = async e => {
 To logout a user, the application can make a GET request on `/api/auth/v1/logout` or call `logout` function from` @quintype/bridgekeeper-js`. As a result, the user will be logged out on all domains. An application can determine if the user is logged in or has logged out as before, by making a GET request to Bridgekeeper on `/api/auth/v1/users/me` or `getCurrentUser()` from `@quintype/bridgekeeper-js` library.
+### Auto SSO
+This is similiar to the login workflow explained above. The difference is in the API and the login flow. In this, the User will be `logged-in` without clicking on login button or Avatar, if they are already `logged-in` in the other sub-domain. By default, this feature is disabled. Enabling, might affect the performance.
+
+#### Workflow
+
+1. When the user clicks on login on the client domain, the client application should make a GET request to Bridgekeeper on `/api/auth/v1/oauth/auto-sso/authorize` with query params as follows:
+
+```
+client_id=INTEGRATION_ID
+redirect_uri=CONFIGURED_REDIRECT_URI
+callback_uri=ORIGINAL_PAGE_TO_REDIRECT_USER
+response_type=code
+```
+
+Example :
+
+
+```javascript
+const publisherAttributes = useSelector(state => get(state, ["qt", "config", "publisher-attributes"], {}));
+ const clientId = get(publisherAttributes, ["sso_login", "client_id"], "");
+ const redirectUrl = domainSlug
+ ? get(publisherAttributes, ["sso_login", "subdomain", domainSlug, "redirect_Url"], "")
+ : get(publisherAttributes, ["sso_login", "redirect_Url"], "");
+
+```
+```
+
+
+```
+**Note : ** To enable this feature, Go to [BlackKnight](https://black-knight.quintype.com/ "BlackKnight") `/app/config/publisher.yml`, add `auto_sso: ` under publisher. Example :
+
+```
+...
+...
+publisher:
+ ...
+ auto_sso:
+ is_enable: true
+
+```
+
+We are keeping `clientId, redirectUrl and the default callbackUrl` in [BlackKnight](https://black-knight.quintype.com/ "BlackKnight").
The `redirect_uri` will be different for different domains. Go to [BlackKnight](https://black-knight.quintype.com/ "BlackKnight") `/app/config/publisher.yml`, add `sso_login: ` under publisher. Example :
+
+```
+...
+...
+publisher:
+ ...
+ sso_login:
+ redirect_Url: ">/api/auth/v1/oauth/token" // Need to configure with Bridgekeeper DB
+ callback_Url: ""
+ client_id : "" // Id of the integration linked to the realm to be authorized for
+ subdomain:
+ voices:
+ redirect_Url: "/api/auth/v1/oauth/token" // Need to configure with Bridgekeeper DB
+ callback_Url: ""
+```
+
 ### Social Login
 For social login we can use `withFacebookLogin, withGoogleLogin, withAppleLogin` from `@quintype/bridgekeeper-js` library. We need to pass `redirectUrl` as `https:///api/auth/v1/oauth/authorize?client_id=&response_type=code&redirect_uri=&callback_uri=`
From b617e293b39c55f9e5e0a70b62d81f01fbfa09a0 Mon Sep 17 00:00:00 2001
From: Shraddha Kesari
Date: Wed, 20 Oct 2021 15:40:21 +0530
Subject: [PATCH 2/3] Add more info to auto sso
---
 tutorial/sso-login.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tutorial/sso-login.md b/tutorial/sso-login.md
index 1a049a8a..f139130e 100644
--- a/tutorial/sso-login.md
+++ b/tutorial/sso-login.md
@@ -142,10 +142,10 @@ const loginHandler = async e => {
 ![Malibu Running]({{"images/sso-login.gif" | absolute_url}})
-To logout a user, the application can make a GET request on `/api/auth/v1/logout` or call `logout` function from` @quintype/bridgekeeper-js`. As a result, the user will be logged out on all domains. An application can determine if the user is logged in or has logged out as before, by making a GET request to Bridgekeeper on `/api/auth/v1/users/me` or `getCurrentUser()` from `@quintype/bridgekeeper-js` library.
+To logout a user, the application can make a GET request on `/api/auth/v1/logout` or call `logout` function from` @quintype/bridgekeeper-js`. As a result, the user will be logged out on all domains. An application can determine if the user is logged in or has logged out as before, by making a GET request to Bridgekeeper on `/api/auth/v1/users/me` or `getCurrentUser()` from `@quintype/bridgekeeper-js` library.
 ### Auto SSO
-This is similiar to the login workflow explained above. The difference is in the API and the login flow. In this, the User will be `logged-in` without clicking on login button or Avatar, if they are already `logged-in` in the other sub-domain. By default, this feature is disabled. Enabling, might affect the performance.
+This is similiar to the login workflow explained above. The difference is in the API and the login flow. In this, the User will be `logged-in` without clicking on login button or Avatar, if they are already `logged-in` in the other sub-domain. By default, this feature is disabled. Enabling, might affect the performance because of multiple redirects.
 #### Workflow
From bae0e22e9768cc0b5a2416bf47bcf09dddfb1afd Mon Sep 17 00:00:00 2001
From: Shraddha Kesari
Date: Wed, 20 Oct 2021 16:27:14 +0530
Subject: [PATCH 3/3] Add more info to auto sso
---
 tutorial/sso-login.md | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)
diff --git a/tutorial/sso-login.md b/tutorial/sso-login.md
index f139130e..ef292200 100644
--- a/tutorial/sso-login.md
+++ b/tutorial/sso-login.md
@@ -145,7 +145,10 @@ const loginHandler = async e => {
 To logout a user, the application can make a GET request on `/api/auth/v1/logout` or call `logout` function from` @quintype/bridgekeeper-js`. As a result, the user will be logged out on all domains. An application can determine if the user is logged in or has logged out as before, by making a GET request to Bridgekeeper on `/api/auth/v1/users/me` or `getCurrentUser()` from `@quintype/bridgekeeper-js` library.
 ### Auto SSO
-This is similiar to the login workflow explained above. The difference is in the API and the login flow. In this, the User will be `logged-in` without clicking on login button or Avatar, if they are already `logged-in` in the other sub-domain. By default, this feature is disabled. Enabling, might affect the performance because of multiple redirects.
+This is similiar to the login workflow explained above. The difference is in the API and the login flow. Once the user comes to the domain, `getCurrentUser()` call is being made to check whether the user is logged-in and if that fails, auto sso call `getAutoSSOUrl()` is being made to check whether the user is logged-in, in auth domain. If the user is not logged-in, the auth domain will redirect to the callback uri with a query param `logged_in=false` as a response else it will redirect to the callback uri.
+
+In this feature, the User will be `logged-in` without clicking on login button or Avatar, if they are already `logged-in` in the other sub-domain.
+By default, this feature is disabled. Enabling, might affect the performance because of multiple redirects.
 #### Workflow
@@ -162,15 +165,31 @@ Example :
 ```javascript
+...
+import { getAutoSSOUrl } from "@quintype/bridgekeeper-js";
+...
+
 const publisherAttributes = useSelector(state => get(state, ["qt", "config", "publisher-attributes"], {}));
+const isAutoSSOEnabled = get(publisherAttributes, ["auto_sso", "is_enable"], false);
 const clientId = get(publisherAttributes, ["sso_login", "client_id"], "");
 const redirectUrl = domainSlug
 ? get(publisherAttributes, ["sso_login", "subdomain", domainSlug, "redirect_Url"], "")
 : get(publisherAttributes, ["sso_login", "redirect_Url"], "");
 ```
-```
-
+```javascript
+
+useEffect(() => {
+ const queryParams = new URLSearchParams(window.location.search);
+ const queryParamExists = queryParams.has("logged_in");
+
+ getCurrentUser().then(({ user }) => {
+ if (isAutoSSOEnabled && !user && !queryParamExists) {
+ const autoSsoUrl = getAutoSSOUrl(clientId, redirectUrl, window.location.href);
+ window.location.replace(autoSsoUrl);
+ }
+ });
+})
 ```
 **Note : ** To enable this feature, Go to [BlackKnight](https://black-knight.quintype.com/ "BlackKnight") `/app/config/publisher.yml`, add `auto_sso: ` under publisher. Example :