Auth for Branded App
All Cloudike branded apps (Mobile, Web, Desktop) can use custom web auth form via SSO service.
It very useful in cases when you:
- Already have own authorization flow, and you don't want give Cloudike access to user credentials
- Make a lot of changes in auth flow (for example, A/B tests), and you don't want to update mobile apps every time
- Need to show different authorization flows for different group of people
You can read more about Cloudike SSO API.
How does it work#
To authorize user in Cloudike backend, the app needs the Mountbit-Auth token which can be taken from SSO service.
- App creates SSO ticket, gets the web page URL as a response from Cloudike backend.
- App will open the web page in Webview
- Web page takes user credentials
- Web page gets the Mountbit-Auth token and confirms SSO ticket
- Web page changes location to callback_url.
- App gets the Mountbit-Auth token from callback_url and closes WebView.
How to prepare your own auth form#
Step 1. Get SSO ticket#
Your web page will get ticket_id as a GET parameter. For example:
https://<YOUR_PAGE>?ticket_id=<TICKET_ID>Save <TICKET_ID> for next steps.
Step 2. Authorize user#
The web page needs to authorize user and get the Mountbit-Auth token as a result of this step.
Step 3. Confirm SSO ticket#
Use follow SSO ticket confirm API
You need to send <TICKET_ID> and <MOUNTBIT_AUTH_TOKEN> from the previous steps:
curl -X POST -H "Content-Type: application/json" \ -d '{"token": <MOUNTBIT_AUTH_TOKEN>}' \ https://<CLOUDIKE_BACKEND_HOST>/api/2/sso/tickets/<TICKET_ID>/confirmThe response will contain callback_url.
{ "callback_url": "<YOUR_PAGE>/callback/?token=<MOUNTBIT_AUTH_TOKEN>"}Step 4. Redirect to callback page#
Change location to callback_url from the previous step. For example:
window.location.replace("<CALLBACK_URL");From this moment the mobile app has the Mountbit-Auth token and will close WebView.