OAuth Single-SignOn with Ajax+CORS
Code badges:
This web-component requires a service into your website to sign the OAuth base-string. The signer service should be implemented according to the following specification:
-
Request
POST /signer HTTP/1.1 Host: www.my-website.com Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Accept: application/json, text/javascript, */*; q=0.01 Cookie: session_id=1ab5c _csrf_token=123456&baseString=GET%26http%253A%252F%252Fsso.another-website.com%252Fgrant%26oauth_consumer_key%253Dkey%2526... -
Response
HTTP/1.1 200 Ok Content-Type: application/json; charset=UTF-8 {"signature":"base_string_signed","userData":{"name":"John","email":"[email protected]"}}
Include the web-component on the page and make its setup:
<script type="text/javascript" src="/js/jquery.js"></script>
<script type="text/javascript" src="/js/oauth-cors-sso.js"></script>
<script type="text/javascript">
function redirectToExternalWebapp(event) {
var oauth;
if (event) event.preventDefault();
oauth = new OAuthSSO({
"sso": {
"service_url": "https://sso.external-webapp.com/sso-service/products",
"consumer_key": "my_granted_webapp_source"
},
"signer": {
"path": "/external-webapp-signer",
"csrf_param": {
"name": "_csrf_token",
"value": "1a5bc"
}
}
});
oauth.auth(function (external_webapp_url) {
window.location = external_webapp_url;
});
}
</script>Usage example:
<html>
<head>
<!-- add the scripts here -->
</head>
<body>
<a href="javascript: redirectToExternalWebapp(event)">Go to external WebApp!</a>
</body>
</html>