Auth for Branded App
All Cloudike branded apps (Mobile, Web, Desktop) can use custom web auth form via SSO service.
It very useful in cases when you:
- Already have own authorization flow, and you don't want give Cloudike access to user credentials
- Make a lot of changes in auth flow (for example, A/B tests), and you don't want to update mobile apps every time
- Need to show different authorization flows for different group of people
You can read more about Cloudike SSO API.
How does it work
To authorize user in Cloudike backend, the app needs the Mountbit-Auth token which can be taken from SSO service.
- App creates SSO ticket, gets the web page URL as a response from Cloudike backend.
- App will open the web page in Webview
- Web page takes user credentials
- Web page gets the Mountbit-Auth token and confirms SSO ticket
- Web page changes location to callback_url.
- App gets the Mountbit-Auth token from callback_url and closes WebView.
How to prepare your own auth form
Step 1. Get SSO ticket
Your web page will get ticket_id as a GET parameter. For example:
https://<YOUR_PAGE>?ticket_id=<TICKET_ID>
Save TICKET_ID for next steps.
Step 2. Authorize user
The web page needs to authorize user and get the Mountbit-Auth token as a result of this step.
Step 3. Confirm SSO ticket
Use follow SSO ticket confirm API
You need to send TICKET_ID and MOUNTBIT_AUTH_TOKEN from the previous steps:
curl -X POST -H "Content-Type: application/json" \
-d '{"token": <MOUNTBIT_AUTH_TOKEN>}' \
https://<CLOUDIKE_BACKEND_HOST>/api/2/sso/tickets/<TICKET_ID>/confirm
The response will contain callback_url.
{
"callback_url": "<YOUR_PAGE>/callback/?token=<MOUNTBIT_AUTH_TOKEN>"
}
Step 4. Redirect to callback page
Change location to callback_url from the previous step. For example:
window.location.replace("<CALLBACK_URL");
From this moment the mobile app has the Mountbit-Auth token and will close WebView.