Skip to main content

Authenticating with JWT SSO

To provide a seamless experience to your members, it's best to authenticate them automatically into your product using the JWT SSO.

To do so, you should follow these steps:

  1. Follow the JWT SSO instructions to generate a JWT token.
  2. Generate an embed URL for your community, space, or post using the Embedding Bettermode instructions.
  3. Set the redirect_uri of the JWT SSO endpoint to the relative version of your embed URL.

Example

Let's say you want to seamlessly embed a space into your community. After generating the JWT token, you can follow the steps for embedding a space. The URL will look like this:

https://community.company.com/embed/space/product-updates-qo26s1ru?readonly=false&header=true&composer=true"

You can convert the above URL to a relative URL by removing your community domain/subdomain from the beginning of the URL:

/embed/space/whats-new?readonly=false&header=true&composer=true&about=true

The JWT SSO URL looks like this:

https://YOUR_COMMUNITY_DOMAIN/api/auth/sso?redirect_uri={{Redirect URI}}&jwt={{Generated SSO Token}}

After replacing the redirect_uri value, the final URL will look like this:

https://YOUR_COMMUNITY_DOMAIN/api/auth/sso?redirect_uri=%2Fembed%2Fspace%2Fwhats-new%3Freadonly%3Dfalse%26header%3Dtrue%26composer%3Dtrue%26about%3Dtrue&jwt=sample_generated_jwt_value
note

Please note that you should apply encodeURIComponent function (or similfor encode URI method) on the redirect_uri value.

Node.js Example

Here is a sample Node.js Express app snippet for generating the IFrame url:

Node.js Example
const jwt = require("jsonwebtoken");
const privateKey = "{Your Private Key}";

// `app` is an express app instance
app.get('/your/app/route', (req, res) => {
// Considering your user object is stored in `req.user`
const userData = {
sub: req.user.id
email: req.user.email
name: req.user.name,
iat: Math.round(new Date().getTime() / 1000),
exp: Math.round(new Date().getTime() / 1000) + 60,
};

// JWT token for authenticating the user
const jwtToken = jwt.sign(userData, privateKey, { algorithm: "HS256" });

// Generated by space embed generator and converted to a relative URL
const embedURL = '/embed/space/product-updates?readonly=false&header=true&composer=true'

const iframeSrc = `https://community.company.com/api/auth/sso?jwt=${jwtToken}&redirect_uri=${encodeURIComponent(embedURL)}`

// You can pass the `iframeSrc` to your rendering engine such as Pug instead
res.send(`<html><body><iframe src="${iframeSrc}" frameBorder="0" width="100%"></iframe></body></html>`)
})