
Single Sign-On ( Backend Side )

What Is Single Sign-on (SSO)? How It Works

https://www.youtube.com/watch?v=O1cRJWYF-g4

Authentication vs Authorization

These are two very different things that are often confused with one another, because they turn up in the same use cases. Authentication is the act of presenting legitimate credentials in order to prove that you are who you say you are; this usually takes the form of an email and a password. Authorization is the act of being allowed or denied access to a service; it takes the form of some sort of local pass, native to the app you are using. Say you are getting on a plane: your passport is your authentication, and your plane ticket is your authorization.

The thing about OAuth 2.0 is that the authentication is taken care of, in this case by Facebook. You, as a service, still need to handle authorization. That summarises its use case. Let's figure out what the code is going to do before we start writing it. In short, this is what will happen:

  1. A user visits your website and clicks "Login with Facebook".
  2. They are redirected to Facebook, where they log in.
  3. If they authenticate successfully, Facebook sends us (the client) a special ID token. This token can be used to talk to Facebook and fetch the user's details.
  4. We take this token and send it back to Facebook along with our App Secret (we need to prove that we are who we say we are as well; Facebook does not hand out its users' details to any old server).
  5. Once we (the client) are authenticated, we are given a JWT. This holds all the information the user has agreed to share with us, usually an email and a name.
  6. We (the client) then authorise that user to use our service: we create a user object, store their details in it, and then…
  7. We redirect them to whatever page they wanted to go to.
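The backend half of steps 1 to 7, as an added Python example that is not from this page or the video: `start_login`, `handle_callback`, the `exchange_code`/`fetch_profile` callbacks and the constructed `fake_*` provider stand-ins are all assumptions so that it runs offline, and the `state` check is the standard OAuth 2.0 login-CSRF defence rather than something the list above spells out.

```python
import secrets
from urllib.parse import urlencode

# Constructed placeholders, not real credentials or Facebook endpoints.
APP_ID = "APP_ID_PLACEHOLDER"
APP_SECRET = "APP_SECRET_PLACEHOLDER"
REDIRECT_URI = "https://example.invalid/auth/facebook/callback"
AUTH_URL = "https://provider.invalid/dialog/oauth"  # stand-in for the login dialog

def start_login(session):
    """Steps 1-2: build the provider redirect; the random state ties the callback to this browser."""
    session["oauth_state"] = secrets.token_urlsafe(32)
    params = {"client_id": APP_ID, "redirect_uri": REDIRECT_URI,
              "state": session["oauth_state"], "scope": "email"}
    return AUTH_URL + "?" + urlencode(params)

def handle_callback(session, query, exchange_code, fetch_profile, users):
    """Steps 3-7: verify the callback, swap code + app secret for a token, fetch the profile."""
    expected = session.pop("oauth_state", None)  # single use, even when the check fails
    if "error" in query:
        raise PermissionError("provider denied login")
    if not expected or not secrets.compare_digest(expected, query.get("state", "")):
        raise PermissionError("state mismatch")
    token = exchange_code(query["code"], APP_SECRET, REDIRECT_URI)
    profile = fetch_profile(token)
    if not profile.get("email"):
        raise PermissionError("provider did not share an email")
    # Key the local account on the provider's stable id, not on the email alone.
    users.setdefault(profile["id"], {"email": profile["email"], "name": profile.get("name")})
    session["user_id"] = profile["id"]
    return session.pop("next", "/")

# Constructed stand-ins for the provider calls so the example runs offline.
_CODES = {"code-123": "tok-abc"}
_PROFILES = {"tok-abc": {"id": "fb-42", "name": "Ada", "email": "ada@example.invalid"}}

def fake_exchange(code, secret, redirect_uri):
    if secret != APP_SECRET or code not in _CODES:
        raise PermissionError("bad code or app secret")
    return _CODES.pop(code)  # authorization codes are single use

def fake_profile(token):
    return _PROFILES[token]

def demo():
    session, users = {"next": "/dashboard"}, {}
    start_login(session)  # the browser would follow this URL and come back with a code
    query = {"code": "code-123", "state": session["oauth_state"]}
    dest = handle_callback(session, query, fake_exchange, fake_profile, users)
    return dest, session.get("user_id"), users
```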