If your customers already have user accounts in your application, then you can enable Single Sign-On (SSO) to automatically log in your customers to LoopedIn as well.

In order to implement SSO, we use JSON Web Tokens (JWT) to securely exchange user information. You will need to generate a JWT on your server containing the user details required to identify your customer, signed with your private SSO Key.

By default, we require an email field and a name field to be present in the JWT payload. See the example at the bottom of the page for more details.


User Flow

When SSO has been enabled, the following user flow is observed:

1. Unauthenticated users will be prompted to log in when they attempt to vote, comment or submit content

2. Upon clicking "Log in", they will be redirected to your website, where they can sign up or log in

3. Your website will generate an SSO JWT, and return this to LoopedIn (note: when directing the user to your log in page, we provide a returnURL parameter, which should be used when returning the user back to LoopedIn)

4. LoopedIn will process the provided JWT, and identify the user

5. The user will now be authenticated and can vote, comment or submit content


SSO Setup

1. Get your SSO Key from https://app.loopedin.io/settings#/sso


2. Create a special login page on your website where users can log in. When a user logs in, their details will be used to generate a special code called the SSO JWT.

3. The SSO JWT is created by signing the user's details with your private SSO Key (from step 1) using the HS256 algorithm (HMAC with SHA-256).

4. Once the SSO JWT is generated, the user is redirected back to the LoopedIn website with the SSO JWT in the query string under the variable name "token". For example, the URL might look like this: ${returnURL}?token=${ssoJWTToken} (https://app.loopedin.io/<your-product-slug>?token=asdfashgnvoisdd...)

5. On the same page as before, https://app.loopedin.io/settings#/sso, enter the URL of the login page you created in step 2 into the "Login URL" field.

6. Click "Test URL" - this will make a call to the URL provided and check for a valid response

7. If a valid response is received, then the "Enable SSO" toggle will become available for you to switch on


NodeJs Example

1. Install a JWT library, such as jsonwebtoken

npm install jsonwebtoken

2. Create SSO token and redirect to LoopedIn

const jwt = require('jsonwebtoken');

// Your private SSO Key from https://app.loopedin.io/settings#/sso.
// Keep it server-side only: anyone holding it can sign tokens for any user.
const ssoToken = 'YOUR_SSO_KEY';

// `user` is the customer who has just logged in on your site; `req` and `res`
// are the request and response objects of your login route (Express shown here).
const userData = {
    email: user.email,
    name: user.name
};
const userToken = jwt.sign(userData, ssoToken, {algorithm: 'HS256'});

// LoopedIn supplies returnURL when it sends the user to your login page.
const ssoRedirect = req.query.returnURL;
return res.redirect(`${ssoRedirect}?token=${userToken}`);

Note: when directing the user to your log in page, we provide a returnURL parameter, which should be used when returning the user back to LoopedIn, as seen above.

Using SSO tokens with iFrames

SSO tokens can also be applied to iFrame URLs to automatically authenticate users. As above, appending ?token=USER_TOKEN to the iFrame URL will automatically authenticate the customer.