Single Sign On User Guide
Introduction
Single Sign On (SSO) is a feature that enables users to be seamlessly logged in to multiple websites under the same organization without having to explicitly log in to each one of them. We provide a set of APIs that can be easily integrated into websites in order to perform SSO with Social Login or traditional Email/Password Login.
How To Implement Single Sign On
A simple scenario with a group of websites implementing SSO is described below.
The first step to implement SSO is to integrate each website with our Social Login, either using our widgets or APIs (Refer to our Social Login User Guide for more information). Note that, for SSO to work properly, all websites must be using the same Login App in the CoffeeBean platform. After each successful login, a connection_id token will be generated (Refer to Social Login Tokens for a complete reference on how our tokens work and all available APIs).
In all websites, you must also implement a polling worker for the socialid.login.getConnectionStatus Javascript API. This worker will be responsible for detecting a change in the user connection status in the CoffeeBean platform. The change will be triggered whenever the user logs in to any website and will be detected by all other websites the user visits. At this point, the worker must send the connection_id token returned by the API to the website backend (Refer to the API reference for details on how to obtain the connection_id from the API response).
In the backend service, the connection_id must be validated with the GET login/connections/:id REST API. This integration allows the website to receive user profile information and perform the required authentication in a secure manner. This step should be similar to the integration with the GET login/info REST API described in the Social Login User Guide.
Single Log Out
Another useful use case of SSO is the Single Log Out, which consists in logging the user out from all websites whenever a logout is detected in one of them.
This can be achieved using the same socialid.login.getConnectionStatus Javascript API used for SSO. However, in this scenario the user will change its status from logged in to logged out, which can also be detected and handled by all websites. Note that, if you have a custom mechanism for logout, you must also call our socialid.login.logout Javascript API during the logout process, so that we know about the event and can update the user connection status accordingly.
