Skip to main content

SSO API

Logging into the Steedos from external applications.

Preparation

1、 Steedos needs to be configured with environment variables enabled for single sign-on. Add the following to the .env.local file:

# JWT SSO
STEEDOS_IDENTITY_JWT_ENABLED=true

Next

1、The external application generates a JWT in the custom server interface. 2、The external application redirects to Steedos interface using the following GET request: {root_url}/accounts/jwt/login?t={jwt}&redirect={redirectURL} to achieve single sign-on.

Example

1、To create a new application in Steedos, you need to specify an API name (e.g. finance) and an API key (e.g. app_api_secret).

2、The external application's frontend button calls the custom API (e.g. GET /api/get/token) to generate a JWT.

module.exports = {
    sso: function (object_name, record_id) {
        const getTokenURL = '/api/get/token'; 

        const result = Steedos.authRequest(getTokenURL, {
            type: 'GET',
            async: false,
            contentType: 'application/json'
        });

        const token = result.token;
        const PLATFORM_ROOT_URL = 'https://5000-steedos-steedosprojectt-5apf195eq37.ws-us77.gitpod.io' 
        window.open(`${PLATFORM_ROOT_URL}/accounts/jwt/login?t=${token}&redirect=${PLATFORM_ROOT_URL}`, '_blank') 

    },
    ssoVisible: function () {
        return true
    }
}

3、A custom server-side API needs to be implemented.

const express = require("express");
const router = express.Router();
const core = require('@steedos/core');
const jwt = require('jsonwebtoken');

router.get('/api/get/token', core.requireAuthentication, async function (req, res) {
    const userSession = req.user;

    var secret = 'app_api_secret' 
    var options = { expiresIn: 30 } 
    var token = jwt.sign({
        profile: {
            email: userSession.email 
        },
        app_code: 'finance' 
    }, secret, options);

    res.status(200).send({
        token: token
    });
});
exports.default = router;

Login to External Applications via Steedos

Process Description

1、Create a new application in Steedos, specifying the external link and API key.

2、Click on the external application in the launcher and redirect to the external link, passing the "t" parameter in the URL.

3、The external application parses the "t" parameter and redirects the user to the application.

Example

1、Create a new application in Steedos and specify the external link (e.g. GET https://5000-steedos-steedosprojectt-5apf195eq37.ws-us77.gitpod.io/api/sso) and API key (e.g. app_api_secret).

2、In the application launcher, click on the external application and you will be redirected to the external link.

https://5000-steedos-steedosprojectt-5apf195eq37.ws-us77.gitpod.io/api/sso?t=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvYmplY3RfbmFtZSI6InNwYWNlX3VzZXJzIiwiZG9jIjp7Il9pZCI6IkFGTkVuQ3hiU29HRWc0b2NmIiwibmFtZSI6Inh4eCIsInVzZXJuYW1lIjoieHh4eHh4IiwiZW1haWwiOiJzQHMuY29tIn0sImlhdCI6MTY2OTI2NjA0NiwiZXhwIjoxNjY5MjY5NjQ2fQ.qeld2kTl5zjLGjCWgk3cb6UPEPlqmzMaME20mo_t-t4

3、To parse the token in the external application

const express = require("express");
const router = express.Router();
const jwt = require('jsonwebtoken')

router.get('/api/sso', async function (req, res) {
    console.log(req.query)
    // {
    //     t: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvYmplY3RfbmFtZSI6InNwYWNlX3VzZXJzIiwiZG9jIjp7Il9pZCI6IkFGTkVuQ3hiU29HRWc0b2NmIiwibmFtZSI6Inh4eCIsInVzZXJuYW1lIjoieHh4eHh4IiwiZW1haWwiOiJzQHMuY29tIn0sImlhdCI6MTY2OTI2NjA0NiwiZXhwIjoxNjY5MjY5NjQ2fQ.qeld2kTl5zjLGjCWgk3cb6UPEPlqmzMaME20mo_t-t4'
    // }
    const payload = jwt.verify(req.query.t, 'app_api_secret') 
    console.log(payload)
    // {
    //     profile: {
    //         name: 'xxx',
    //         username: 'xxxxxx',
    //         email: 's@s.com'
    //     },
    //     iat: 1669266046,
    //     exp: 1669269646
    // }

    res.status(200).send({ message: 'router ok' });
});
exports.default = router;