Widgets SSO
How can I use SSO with widgets?
What is Single Sign-On
If your users already have accounts in your system, you can pass that account data to the widget using a JSON Web Token generated on your server, which authenticates widget users. This mechanism is called Single Sign-On.
This is the preferred way of securing your widgets against unauthorized access and irrelevant feedback. You should turn on the "Allow only protected requests" option in the Products -> %Productname% -> Widgets tab in your ProdCamp workspace. This ensures that only token-authorized requests are accepted from your widgets, leaving no chance to send spam or irrelevant feedback through them.
How do I set it up?
The token is generated the same way as described in this article. For instance, the same token can be used to authenticate a user on your public roadmap automatically: give the user a link to your public roadmap with a pre-filled "token" query parameter, and they will be authenticated there without having to sign up themselves.
How do I pass the generated token inside widgets?
There are several ways to do it:
1. Set up initialization parameters before the widget SDK generated script code.
2. Use the ProdCamp SDK function
You can provide the token whenever you want using a special ProdCamp SDK function like this:
3. Async token generation function
When a user performs an action that requires authentication (for example, sending feedback), a special SDK method, ProdCamp.getToken, is called. You should override this function by assigning one that requests a new token from your server each time the user performs an action. This function should take a callback argument, which must be called when the new token is received from the server.
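One way to write the override described above, as an added example that is not ProdCamp's own code. Only ProdCamp.getToken and its callback argument come from this page; the endpoint `/api/prodcamp-token`, its `{ "token": ... }` response shape, and the helper names `makeGetToken` and `looksLikeJwt` are assumptions.

```javascript
// Added example, not ProdCamp's own code. TOKEN_ENDPOINT is a hypothetical
// route on your backend that signs a JWT for the user in the current session.
const TOKEN_ENDPOINT = '/api/prodcamp-token';

// Structural check only: three non-empty base64url segments. The signature is
// verified by the service that consumes the token, never in the browser.
function looksLikeJwt(value) {
  return typeof value === 'string' &&
    /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/.test(value);
}

// Builds the function to assign to ProdCamp.getToken. fetchImpl is injectable
// so the logic can be exercised without a browser.
function makeGetToken(fetchImpl, endpoint) {
  return function getToken(callback) {
    return fetchImpl(endpoint, {
      method: 'POST',
      credentials: 'same-origin', // server identifies the user from its own session cookie
      cache: 'no-store',          // a fresh token per action, never a cached response
    })
      .then((res) => {
        if (!res.ok) throw new Error('token endpoint returned ' + res.status);
        return res.json();
      })
      .then((body) => {
        // Assumed response shape: { "token": "<jwt>" }
        if (!body || !looksLikeJwt(body.token)) throw new Error('malformed token response');
        callback(body.token); // hand the new token to the SDK
        return true;
      })
      .catch((err) => {
        // On failure nothing is passed to the SDK: no token, no authenticated request.
        console.error('ProdCamp token refresh failed:', err.message);
        return false;
      });
  };
}

// Override the SDK hook once the widget script has defined ProdCamp.
if (typeof ProdCamp !== 'undefined') {
  ProdCamp.getToken = makeGetToken(fetch.bind(globalThis), TOKEN_ENDPOINT);
}
```

The browser never sends a user id to the token endpoint; the server derives identity from its own session, and the signing secret stays on the server.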