Add Auto SSO docs #873

Open
wants to merge 3 commits into
base: gh-pages
79 changes: 78 additions & 1 deletion tutorial/sso-login.md
Expand Up @@ -142,7 +142,84 @@ const loginHandler = async e => {
![Malibu Running]({{"images/sso-login.gif" | absolute_url}})


To logout a user, the application can make a GET request on `/api/auth/v1/logout` or call `logout` function from` @quintype/bridgekeeper-js`. As a result, the user will be logged out on all domains. An application can determine if the user is logged in or has logged out as before, by making a GET request to Bridgekeeper on `/api/auth/v1/users/me` or `getCurrentUser()` from `@quintype/bridgekeeper-js` library.
To logout a user, the application can make a GET request on `/api/auth/v1/logout` or call `logout` function from` @quintype/bridgekeeper-js`. As a result, the user will be logged out on all domains. An application can determine if the user is logged in or has logged out as before, by making a GET request to Bridgekeeper on `/api/auth/v1/users/me` or `getCurrentUser()` from `@quintype/bridgekeeper-js` library.

### Auto SSO
This is similiar to the login workflow explained above. The difference is in the API and the login flow. Once the user comes to the domain, `getCurrentUser()` call is being made to check whether the user is logged-in and if that fails, auto sso call `getAutoSSOUrl()` is being made to check whether the user is logged-in, in auth domain. If the user is not logged-in, the auth domain will redirect to the callback uri with a query param `logged_in=false` as a response else it will redirect to the callback uri.

In this feature, the User will be `logged-in` without clicking on login button or Avatar, if they are already `logged-in` in the other sub-domain.
By default, this feature is disabled. Enabling, might affect the performance because of multiple redirects.

#### Workflow

1. When the user clicks on login on the client domain, the client application should make a GET request to Bridgekeeper on `/api/auth/v1/oauth/auto-sso/authorize` with query params as follows:

```
client_id=INTEGRATION_ID
redirect_uri=CONFIGURED_REDIRECT_URI
callback_uri=ORIGINAL_PAGE_TO_REDIRECT_USER
response_type=code
```

Example :


```javascript
...
import { getAutoSSOUrl } from "@quintype/bridgekeeper-js";
...

const publisherAttributes = useSelector(state => get(state, ["qt", "config", "publisher-attributes"], {}));
const isAutoSSOEnabled = get(publisherAttributes, ["auto_sso", "is_enable"], false);
const clientId = get(publisherAttributes, ["sso_login", "client_id"], "");
const redirectUrl = domainSlug
? get(publisherAttributes, ["sso_login", "subdomain", domainSlug, "redirect_Url"], "")
: get(publisherAttributes, ["sso_login", "redirect_Url"], "");

```
```javascript

useEffect(() => {
const queryParams = new URLSearchParams(window.location.search);
const queryParamExists = queryParams.has("logged_in");

getCurrentUser().then(({ user }) => {
if (isAutoSSOEnabled && !user && !queryParamExists) {
const autoSsoUrl = getAutoSSOUrl(clientId, redirectUrl, window.location.href);
window.location.replace(autoSsoUrl);
}
});
})

```
**Note : ** To enable this feature, Go to [BlackKnight](https://black-knight.quintype.com/ "BlackKnight") `/app/config/publisher.yml`, add `auto_sso: <value>` under publisher. Example :

```
...
...
publisher:
...
auto_sso:
is_enable: true

```

We are keeping `clientId, redirectUrl and the default callbackUrl` in [BlackKnight](https://black-knight.quintype.com/ "BlackKnight"). The `redirect_uri` will be different for different domains. Go to [BlackKnight](https://black-knight.quintype.com/ "BlackKnight") `/app/config/publisher.yml`, add `sso_login: <value>` under publisher. Example :

```
...
...
publisher:
...
sso_login:
redirect_Url: "<CLIENT_DOMAIN>>/api/auth/v1/oauth/token" // Need to configure with Bridgekeeper DB
callback_Url: "<PAGE_TO_REDIRECT_USER>"
client_id : "<INTEGRATION_ID>" // Id of the integration linked to the realm to be authorized for
subdomain:
voices:
redirect_Url: "<SUB_DOMAIN>/api/auth/v1/oauth/token" // Need to configure with Bridgekeeper DB
callback_Url: "<PAGE_TO_REDIRECT_USER>"
```


### Social Login
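
Review bot: The `useEffect` example passes `window.location.href` as `callback_uri` to `getAutoSSOUrl`, but the section never says whether Bridgekeeper checks `callback_uri` against the integration's registered domains, the way `redirect_Url` is marked "Need to configure with Bridgekeeper DB". Please state this explicitly, since an unvalidated post-login redirect target is an open-redirect risk and the full current URL (query string and fragment included) is sent to the auth domain. In the same example, `getCurrentUser` is called but only `getAutoSSOUrl` is imported, and the effect has no dependency array, so `getCurrentUser()` runs on every render; add the import and a dependency list. The loop guard tests `queryParams.has("logged_in")`, while the prose says the auth domain appends `logged_in=false` only when the user is not logged in, so the docs should describe what the callback looks like on success and what stops a second redirect if `getCurrentUser()` still returns no user afterwards. Workflow step 1 says "When the user clicks on login", which contradicts the statement that Auto SSO logs the user in without a click. Smaller points: "similiar" should be "similar", `**Note : **` will not render as bold, `<CLIENT_DOMAIN>>` has a stray `>`, and the `//` comments in the `publisher.yml` samples are not YAML comments (use `#`).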