What SSO integrations do you support?
Do you support any kind of SSO integrations?
Hey CoolDev!
Currently we support:
- AuthZero
- Azure
- Github
- OpenidConnect
- Saml
Adam
Here's a document for technical examples: https://documentation.platformos.com/developer-guide/identity-providers/identity-providers
Feb 23 2021 at 20:28
Hi @JJ
The docs list that we add them to the instance configuration.
The syntax is slightly different for Social connections vs Auth0
Example:
"integrations": {
  "auth0": {
  },
  "social": [
    {
      "provider": "facebook",
      "consumer_key": "*************",
      "consumer_secret": "*************"
    }
  ],
  "twilio": {
  },
  "sendgrid": {
  },
  "recaptcha": {
  }
}
Is there a way to roll my own SSO provider?
If not, are there docs that explain how to use the other providers? This doesn't cover it clearly enough: https://documentation.platformos.com/developer-guide/identity-providers/identity-providers
OpenidConnect and Saml are not social integrations.
Do we just add them as "auth0"?
JJBragg
@patrick, it’s not currently possible to roll your own SSO. Lucian reviewed your question and said it would be best if you used Auth0 with an Auth0 account. OpenID can’t be added there; it needs to be done manually by our team. Please let us know via support if you need this done. I'll create a ticket for Maciek's review to make it so that it can be added from the interface (so you can bypass support next time).
Aug 26 2021 at 19:06
Auth0 has OpenID Connect, but it is listed as an enterprise connection and not part of the free plan from Auth0. The minimum level that has enterprise connections is professional which is $240 a month (time of writing).
https://auth0.com/docs/connections/enterprise/oidc#create-an-enterprise-connection-in-auth0
Looking at the site again it seems their free plan is only around 20 social providers, anything custom (like own database or something "non social") seems to have been moved to a paid model.
Auth0 is quite easy; it does require configuration in the PP and some coding to get going. On POS it is geared toward Auth0 or local accounts only. We have been working with the POS team so we could enable it as an option and have both local accounts and Auth0 accounts. In the latest feedback we have tested and been able to get it going, so it is all possible.
Rolling your own, it's not as hard as it seems, although you will be using API calls to do it (which have a price if you go over your tier)...
To roll your own (assumes a server-side API from the 3rd party):
- Create a form which posts a username and password to a custom endpoint using AJAX or normal submit.
- On the page that receives the POST, form your JSON payload (headers or body) to whatever the external provider requires.
- Use the api_send GraphQL mutation to send a server-side API call and grab the response.
- Process the return to understand if the person has been validated.
- Set a session variable that they have been validated and any other data you need for the session (name etc).
- For pages that require a logged in user, create an auth policy which checks the session variable with a redirect to the login page if they fail.
- When they want to logout, just destroy the session variable.
- Optional: Create a function which tests if logged in or not, use it to be able to change content states on a page (login form or logout button for example).
If the 3rd party requires frontend navigation to their website to login (or an iframe), usually the provider will do one of two things: send back to the frontend client a token that you will need to validate on the backend (send it back via AJAX or validate somehow frontend - see their documentation), or they might have webhooks that send you a token or some way to validate the user (this is a little oldschool but it is still around).
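
The roll-your-own steps listed in the thread above, modelled as an added Python example (not platformOS code and not written by any poster here): it shows the server-side part failing closed on any provider reply that is not an explicit success, then the session check and logout. The `fake_provider` stand-in, the `authenticated` reply field and the in-memory `SESSIONS` store are assumptions made for illustration.

```python
import json
import secrets

SESSIONS = {}  # constructed in-memory session store: session id -> session data


def fake_provider(username, password):
    """Constructed stand-in for the third-party API; returns (status, body)."""
    if username == "alice" and secrets.compare_digest(password.encode(), b"correct horse"):
        return 200, json.dumps({"authenticated": True, "name": "Alice"})
    return 401, json.dumps({"authenticated": False})


def login(username, password, call_provider=fake_provider):
    """Call the provider server-side, validate its reply, create a session."""
    try:
        status, body = call_provider(username, password)
        reply = json.loads(body)
    except Exception:
        return None  # transport or parse failure counts as a failed login
    # Only an explicit boolean success on a 200 reply is accepted.
    if status != 200 or not isinstance(reply, dict) or reply.get("authenticated") is not True:
        return None
    sid = secrets.token_urlsafe(32)  # fresh id per login, never a pre-login id
    # Store the validation flag and display data only; the password is never kept.
    SESSIONS[sid] = {"validated": True, "name": str(reply.get("name", ""))}
    return sid


def policy(sid):
    """Auth policy for protected pages: serve the page or redirect to login."""
    if sid is not None and SESSIONS.get(sid, {}).get("validated") is True:
        return "200 OK"
    return "302 /login"


def logout(sid):
    """Destroy the server-side session state."""
    SESSIONS.pop(sid, None)
```
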