I have a website where users have to go through Single Sign On (SAML SSO) to access the site. The website has a GUI where they enter information and send it to the server.
Now I am building some RESTful API calls (no GUI). The URLs for the calls look like this: https://example.com/api/do-work. This resource is a Python script.
However, there is no authentication set up for these calls yet and I would like to do so through SSO.
I was looking at an option to do this through the Linux command line and the curl command. The curl command would include all the data necessary for SSO through the data flag like this:
curl --data "name=Bob&id=123456" https://example.com/api/do-work
Then in the Python script I would build the SAML SSO request. If the user's details are valid I will return results to the user, otherwise tell them there was a problem with their credentials.
Is this the right way to do SSO with RESTful calls?
I've also been looking at JSON Web Tokens (JWT) as a possible solution.
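
As an added example (not part of the original post), the JWT option mentioned in the question could work like this: the site issues a short-lived signed token after a successful SAML login, and the API script verifies that token on each call rather than relying on name and id fields in the POST data. The HS256 shared secret and the names `issue_token`, `verify_token`, `sign`, `b64e` and `b64d` are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: a server-side secret shared by the SSO site and the API script.
SECRET = b"constructed-demo-secret"


def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()


def issue_token(subject, ttl=300, now=None):
    """Hypothetical hook: run by the site after a successful SAML SSO login."""
    now = int(time.time() if now is None else now)
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64e(json.dumps({"sub": subject, "iat": now, "exp": now + ttl}).encode())
    return f"{header}.{claims}.{b64e(sign(header + '.' + claims))}"


def verify_token(token, now=None):
    """Run by the API script on the bearer token; returns claims or raises ValueError."""
    now = int(time.time() if now is None else now)
    header, claims, sig = token.split(".")  # ValueError unless exactly 3 parts
    # Check the signature first, in constant time, before parsing any content.
    if not hmac.compare_digest(sign(header + "." + claims), b64d(sig)):
        raise ValueError("bad signature")
    # Pin the algorithm: never let the token choose how it is verified.
    if json.loads(b64d(header)).get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    payload = json.loads(b64d(claims))
    if payload.get("exp", 0) <= now:
        raise ValueError("token expired")
    return payload
```

A command-line client would then pass the token in a header, for example `curl -H "Authorization: Bearer $TOKEN" https://example.com/api/do-work`, where `$TOKEN` is the value the site handed out after SSO login.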