SSO (Single Sign On)

Introduction

Single Sign-On (SSO) is an authentication mechanism that allows users to access several applications with only one set of login credentials.

By enabling SSO for your Annoto widget, you become responsible for the authentication of your users: they get authenticated through your own login portal and can use Annoto services freely.

Process

1. An unauthenticated user requests access to your site (post login details to your server).

2. Your server authenticates the user, The user gets authenticated using your own authentication and authorization process.

3. If the user access is granted, You create a secured JWT payload that contains information about the user, using any standard library.

4. The JWT token should be part of the login post answer (or some other query as you see fit).

5. Your client side JS code should call the annotoAPI.auth(token) method to authenticate the user.

Setup

What you will get from Annoto:

• Your clientID

• A unique secret that will be used to sign JWT tokens.

JWT Anatomy

JWT payload should contain the required user information, and be encoded (signed) using the provided SECRET.

The JWT payload should contain:

JWT’s full specification is available at https://tools.ietf.org/html/rfc7519

JWT Libraries

There are libraries available for virtually any programming language.

PHP Example

<?php
 require_once('./JWT.php'); // https://github.com/Annoto/jwt-php

$issuedAt = time();
$expire = $issuedAt + 60*20; // Adding 20 minutes
$payload= array(
  "jti" => 1234,
  "name" => "Hen Eytan",
  "photoUrl" => "https://images.pexels.com/photos/101584/pexels-photo-101584.jpeg",
  "iss" => "zRCIsImlzcyI6Imh0dHA6XC9cL3d3dy5vcGVudS",
  "exp" => $expire
);
$secret = "4e54273d5d17859d464cb9bf";

$jwtToken = JWT::encode($payload, $secret);
?>