Forum Discussion

Drew_C
Boss
2 years ago

SSO Keys and Tokens for OAuth

We’re having some trouble getting started with OAuth flows. Our community uses SSO for login and we need the sso.authentication_token, but I don't know if I can generate that without an SSO Key.

From https://developer.khoros.com/khoroscommunitydevdocs/docs/oauth-authorization-grant :

If your Community uses SSO, you’ll make a POST call to /auth/authorize passing the SSO token in the payload. Upon successful SSO authentication, Community returns an authorization code in the response body to your client application using a backend call.

As I’m writing this, I think I found it in production under a cookie called: lithiumLogin:{instanceID}

Can this be used as the sso.authentication_token? If so, where can I find this in stage? Does it need to be enabled somewhere for the staging environment? I read that this could be a user profile option and I’ve got my profile for both environments set the same way and nothing has changed.

Additionally, I believe we are running into problems with CORS, which makes it difficult for us to test that the value I've located is actually what I need. I've got a ticket with support open for this.

We’ve read everything in these guides, but I feel like there are some assumptions being made in the documentation that have us scratching our heads.

https://developer.khoros.com/khoroscommunitydevdocs/reference/authauthorize

How can I reliably get the user's SSO Token to move forward? I feel like we're missing something silly here.

  • Hello Drew_C,

    I checked with my team, and to advise you better, may I know if you want to use this for API calls?

    • Drew_C
      Boss

      Hi Mohammed! Yes, we'd like to ultimately use this for a few API calls. We need to authenticate the user via an app and have that app set two profile fields. The community will respond with some information about that user's community roles using an endpoint I created.

  • Drew_C, thank you for confirming. The user will not be able to set the profile fields unless that user has API permissions. If you're open to using a non-SSO account, you can create one and use that account to set the fields for the user and call the endpoint.

    Create a local account in admin, grant it API / Admin privileges, then authenticate via the API as described in the "Session Key authentication" document.
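
As an added example, not code from this thread or from Khoros: a minimal Python client for the session-key flow the reply above recommends, using a local (non-SSO) service account instead of the SSO user's token. The login path, the user.login / user.password parameter names, the XML response shape and the li-api-session-key header are my assumptions from the "Session Key authentication" document; check them against that doc before relying on them. The example keeps the credentials out of the URL and the session key out of the query string so neither ends up in access logs.

```python
"""Session-key authentication against a Khoros Community instance.

Added example, not code from the thread or from Khoros. Endpoint path,
parameter names, response XML shape and the session-key header name are
assumptions taken from the "Session Key authentication" doc; verify them.
"""
import json
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

# Assumed v1 login endpoint, relative to the community base URL.
LOGIN_PATH = "/restapi/vc/authentication/sessions/login"
# Assumed header that carries the session key on v2 API calls.
SESSION_HEADER = "li-api-session-key"

# Constructed sample responses (not captured from a real instance).
SAMPLE_LOGIN_OK = (
    '<response status="success">'
    '<value type="string">s3ss10n-k3y-example</value>'
    '</response>'
)
SAMPLE_LOGIN_FAIL = (
    '<response status="error">'
    '<error code="302"><message>User authentication failed.</message></error>'
    '</response>'
)


def build_login_request(base_url, login_name, password):
    """POST that exchanges a local account's credentials for a session key.

    Credentials go in the form body rather than the query string so they
    do not land in proxy or web-server access logs.
    """
    body = urllib.parse.urlencode(
        {"user.login": login_name, "user.password": password}
    ).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + LOGIN_PATH,
        data=body,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def parse_session_key(xml_text):
    """Extract the session key from the (assumed) v1 XML response.

    Raises PermissionError on an error response so a bad password is never
    silently turned into an empty or bogus key.
    """
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        err = root.find("error")
        code = err.get("code", "?") if err is not None else "?"
        msg = err.findtext("message", default="") if err is not None else ""
        raise PermissionError(f"login failed (code {code}): {msg}")
    value = root.findtext("value")
    if not value or not value.strip():
        raise ValueError("login response carried no session key")
    return value.strip()


def api_request(base_url, session_key, path, method="GET", json_body=None):
    """Build a v2 API request that carries the session key in a header.

    The key is a bearer credential: keep it in a header, never in the URL,
    and scope the service account to the exact profile fields / endpoint
    the integration needs.
    """
    headers = {SESSION_HEADER: session_key, "Accept": "application/json"}
    data = None
    if json_body is not None:
        data = json.dumps(json_body).encode()
        headers["Content-Type"] = "application/json"
    return urllib.request.Request(
        base_url.rstrip("/") + path, data=data, method=method, headers=headers
    )


def login(base_url, login_name, password, opener=urllib.request.urlopen):
    """Perform the login round trip and return the session key."""
    with opener(build_login_request(base_url, login_name, password)) as resp:
        return parse_session_key(resp.read().decode())


if __name__ == "__main__":
    # Offline demo on the constructed sample; a real run would call login().
    key = parse_session_key(SAMPLE_LOGIN_OK)
    req = api_request("https://community.example.com", key, "/api/2.0/search?q=SELECT+id+FROM+users+LIMIT+1")
    print(req.full_url, req.get_header("Li-api-session-key"))
```

Treat the session key like a password: it is a bearer credential, so store it only in memory or a secrets store, and give the service account no more than the permissions needed to set the two profile fields and call the custom endpoint.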