Widgets SSO
How can I use SSO with widgets?
Last updated
Was this helpful?
How can I use SSO with widgets?
Last updated
Was this helpful?
If you have accounts of your users in your system - you can effectively provide this data to the widget using a JSON Web Token generated on your server to authenticate widget users. This mechanism is called Single Sign-On.
This is the preferred way of securing your widgets from unauthorized access and irrelevant feedback. You should turn on the "Allow only protected requests" option in the Products -> %Productname% -> Widgets tab in your ProdCamp workspace. This will ensure that only token-authorized requests will be allowed from your widgets and won't give you a chance to send any spam or irrelevant feedback.
The process of generation of a token is the same as described . For instance - the same token can be used to authenticate a user on your public roadmap automatically by providing him a link to your public roadmap with a pre-filled "token" query parameter (this way user will be automatically authenticated on your public roadmap and won't have to sign up himself).
There is a bunch of ways of how you can do it:
You can provide the token whenever you want using a special ProdCamp SDK function like this:
When a user performs some action that requires to be authenticated (for example - send feedback), a special SDK method ProdCamp.getToken
is being called. You should override this function by assigning one that requests a new token from your server each time the user performs an action. This function should have a callback argument that must be called when the new token is received from a server.