Single Sign-On

Integrate your website’s login system with FeedBear

Single Sign-On, or simply SSO, is a tool that allows users to securely authenticate themselves on multiple platforms using a single set of credentials.

You have certainly used it at some point when logging in to a website using your Google or Facebook credentials for example.

FeedBear SSO will allow your website users to log in to your FeedBear Board using their existing credentials. You can also redirect your logged-in website users to your FeedBear Board while keeping them logged in, improving the user experience.

Getting started

It is extremely important that you have full access to your server environment and that you keep a backup of the existing code before proceeding so that you can easily revert any changes if necessary.

1. Copy your FeedBear private key

Security is a core part of the SSO integration. To make sure the authentication shared across the two websites is secure, you will need the private key, which can be found under “Project Settings > SSO”.

Copy your key into a safe place as you will use it moving forward.

2. Install a JWT Library into your website

We use JSON Web Tokens (JWT) to authenticate users. The token is composed of a name and email, encrypted and signed on your server, allowing FeedBear to verify that the token comes from a trusted source without exposing your user information.

In order to be able to generate the JSON Web Tokens, you will need to install a library on your website.

There are different libraries that can be used for this purpose, and you will need to find the one that fits best into your project. The following website provides a list of libraries organized by programming language, which should give you a good starting point for picking the right one: https://jwt.io/libraries

3. Validate the user login

Under the SSO settings, you will be required to provide a URL to which users will be redirected when they click the “Login” button in your FeedBear Board.

That URL should provide the user with a login form, and you will need to handle the user authentication once the form is submitted.

4. Generate the JWT token

In your website code, right after you have authenticated the user, you will want to generate the JWT Token using the library you previously installed.

Each website is different, as well as the libraries that can be used for generating the JWT Token, so make sure to check the documentation for the library you chose, as it will give you a better understanding of how the token should be generated.

You will need to use the user name and email to generate the JWT Token.

For didactic purposes, here is a code sample to help you with understanding the steps and the logic:

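// Include the JWT library (firebase/php-jwt, assumed here to be installed with Composer;
// adjust the autoloader path to your project)
require __DIR__ . '/vendor/autoload.php';
use Firebase\JWT\JWT;

// Save the FeedBear private key into a variable
// (keep the real key out of version control and anything sent to the browser)
$privateKey = 'YOUR_FEEDBEAR_PRIVATE_KEY';

// Create the array containing the user information.
// $userEmail and $userName come from the account you authenticated in step 3.
$userInfo = array(
    'email' => $userEmail,
    'name' => $userName
);

// Generate the JWT token, signed with HMAC-SHA256
$jwtToken = JWT::encode($userInfo, $privateKey, 'HS256');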

5. Redirect the user back to your FeedBear Board

Now that the user is authenticated and the token has been generated you will need to send the user back to your FeedBear Board along with the token.

A simple URL redirect will do the job here, something like this:

// Redirect the user back to the FeedBear board authentication endpoint with the token
header('Location: https://board.feedbear.com/sso/auth?payload=' . $jwtToken);
// Stop the script so nothing else runs or is output after the redirect header
exit;

The URL that should be used in the redirect must use the following structure:

{{ YOUR FEEDBEAR BOARD URL }}/sso/auth?payload={{ GENERATED JWT TOKEN }}

FeedBear will then log the user in using the data provided in the JWT Token (name and email).
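Steps 4 and 5 rebuilt with only the Python standard library, as an added example that is not FeedBear's code or part of the original sample. It shows what HS256 provides in the sample above: the signature stops anyone without the key from changing the name or email, while the payload segment itself is only base64url-encoded and can be read from the URL. The board URL, key and addresses used with it are constructed placeholders, and verify() is an assumed receiver-side check for local testing, not FeedBear's implementation.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import quote


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWT segments require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(email: str, name: str, key: bytes) -> str:
    """Build header.payload.signature, signed with HMAC-SHA256 (HS256)."""
    parts = ({"typ": "JWT", "alg": "HS256"}, {"email": email, "name": name})
    segments = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts]
    mac = hmac.new(key, ".".join(segments).encode("ascii"), hashlib.sha256)
    return ".".join(segments + [b64url(mac.digest())])


def read_claims_without_key(token: str) -> dict:
    """Anyone who sees the URL can do this: the payload is encoded, not secret."""
    return json.loads(b64url_decode(token.split(".")[1]))


def verify(token: str, key: bytes):
    """Return the claims if the signature checks out, else None (assumed check)."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        claims = json.loads(b64url_decode(body))
        given = b64url_decode(sig)
    except ValueError:
        return None
    # Pin the algorithm; never let the token choose it (rejects "alg": "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{head}.{body}".encode("ascii"), hashlib.sha256).digest()
    return claims if hmac.compare_digest(expected, given) else None


def redirect_url(board_url: str, token: str) -> str:
    """The page's structure: {board URL}/sso/auth?payload={token}."""
    return f"{board_url.rstrip('/')}/sso/auth?payload={quote(token, safe='')}"
```

Because the token travels in a URL, it can end up in browser history and server logs, so treat a generated token like a credential during testing.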

6. Enable SSO

Now that all the changes are in place, you will need to provide your login URL and test the JWT token generated on your website to make sure it works as expected. You can do so using the fields in your “Project Settings > SSO” area.

Save the login URL and validate your JSON Token; you will then be able to enable SSO on your project.

Once SSO is enabled the “Login” button on your FeedBear Board will start redirecting users to the Login URL you provided.

If you find any issues with the integration, use this URL to log in as an admin and then disable the SSO integration: https://app.feedbear.com/users/sign_in
