Single Sign-On (SSO) Enablement Process

The prerequisite for SSO is a community that has already been created on pensil.in. We will use iitjee.pensil.in for this demonstration.

For SSO using your system, we will require the following things from you:

  1. The URL/endpoint to which our system should redirect the user for authentication. For example, if it is auth.iitjee.com, we need to be made aware of that.
  2. Once the user is authenticated at your end, you shall redirect them back to ‘iitjee.pensil.in**?auth_token=<user_token>**’.
    1. In the case of a custom domain, iitjee.pensil.in will be replaced with your custom domain, i.e., something like ‘community.iitjee.com?auth_token=<user_token>’.
  3. Make sure these credentials are exactly the same as the SSO credentials.
  4. A GET endpoint to validate the given user token and get back the user details accordingly. This will help us create a session at our end for the user.
    1. The request headers from our side will be as follows:

      {
        "Accept": "application/json",
        "Content-Type": "application/json",
        "Authorization": "Bearer <token>",
        "client_id": "secret",
        "client_key": "secret"
      }
      
    2. The details required in the response payload are as follows:

      1. name,
      2. email,
      3. picture (optional)
    3. Sample user validation API response:

      {
        "name": "Dheeraj Rawat",
        "email": "[email protected]",
        "referenceIdInSource": "key",
        "picture": "https://google.com/u/dheeraj/profile.png"
      }
      
    4. For errors, return any non-200 response.

  5. A dummy account for us to test the user_token and the provided API.

This completes the flow of SSO on pensil.in.
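
One way to implement the token validation endpoint from step 4 on your side, shown as an added example (it is not Pensil's code). The credential values, the token store, the sample user and the 120-second token lifetime are assumptions made for the illustration; the header names and response fields are the ones listed above.

```python
import hmac
import time

# Constructed sample values; real secrets belong in your secret store.
CLIENT_ID = "example-client-id"
CLIENT_KEY = "example-client-key"
# Assumption: tokens are short-lived, because auth_token travels in a URL
# and can end up in browser history, proxy logs and Referer headers.
TOKEN_TTL_SECONDS = 120

# Constructed token store: token -> (user record, issue time in epoch seconds).
TOKENS = {
    "tok-abc123": ({"name": "Test User", "email": "test.user@example.com",
                    "picture": None}, 1_700_000_000.0),
}

def _same(received, expected):
    """Constant-time comparison that also tolerates a missing header."""
    return hmac.compare_digest((received or "").encode(), expected.encode())

def validate(headers, now=None, tokens=TOKENS):
    """Return (status, body) for the GET validation request from step 4."""
    now = time.time() if now is None else now
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    # Evaluate both credentials before branching so timing does not show which one failed.
    id_ok = _same(h.get("client_id"), CLIENT_ID)
    key_ok = _same(h.get("client_key"), CLIENT_KEY)
    if not (id_ok and key_ok):
        return 401, {"error": "invalid client credentials"}
    scheme, _, token = h.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return 401, {"error": "missing bearer token"}
    entry = tokens.get(token.strip())
    if entry is None:
        return 401, {"error": "unknown token"}
    user, issued_at = entry
    if now - issued_at > TOKEN_TTL_SECONDS:
        return 401, {"error": "expired token"}
    body = {"name": user["name"], "email": user["email"]}
    if user.get("picture"):  # picture is optional in the response payload
        body["picture"] = user["picture"]
    return 200, body
```

If the endpoint sits behind nginx, note that nginx drops request headers whose names contain underscores unless `underscores_in_headers on;` is set, which would make `client_id` and `client_key` disappear before they reach this check.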