0

I'm working on making a login page for SSO. The flow is that a user goes to an outside application, the application redirects to my login, which then recognizes that it's received a JWT authentication request; I authenticate the user and then redirect with a new token that I generate.

My question is, am I receiving a token in the request when the outside application redirects to mysite.net/login, or am I supposed to pick up the query string and recognize it?

I tried it for myself and it went to mysite.net/login?return_to=%2F

Are they sending me a token (like how I normally do serverside) and if so, how do I access it?

Here's the documentation in question: https://support.aha.io/hc/en-us/articles/203636345-Idea-portal-single-sign-on-JSON-Web-Token-JWT-

Seth Killian

1 Answer

0

window.location.search gives you access to the entire "query string", which is the name of the thing you are talking about.

Here's a Stack Overflow answer that demonstrates how to pass it: "How can I get query string values in JavaScript?" But there are probably a whole lot of NPM packages that do the same thing. Or you could do a very simple regex / replace string.

danielgormly
  • Getting the query string isn't the problem for me, I'm just unclear if the indication that I'm supposed to redirect to the other application is the `return_to=%2F` parameter. – Seth Killian Sep 07 '18 at 14:54
  • Sorry, totally skimmed your question. I read the documentation... No they are not sending you a token. You send the client a JWT who forwards it to them so they can sign in. I assume this JWT is signed with a shared secret. The `return_to` parameter is simply used to direct the user to a path within the outside application after they've authenticated with the outside application. – danielgormly Sep 07 '18 at 15:10
  • Ok, that makes sense! That's what I figured but the documentation was a bit vague. – Seth Killian Sep 07 '18 at 17:36
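
The flow the comments settle on (the login page mints a JWT signed with a shared secret and redirects back with it, keeping `return_to` as a path), sketched for Node.js as an added example that is not part of the thread or the linked documentation. The callback URL, the `jwt` query parameter and the claim names are assumptions.

```javascript
// Added example. CALLBACK, the `jwt` parameter and the claim names are assumptions;
// the real ones come from the outside application's SSO documentation.
const nodeCrypto = require('crypto');
const CALLBACK = 'https://portal.example/sso/callback'; // placeholder URL

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));
const mac = (data, secret) => nodeCrypto.createHmac('sha256', secret).update(data).digest();

// Mint an HS256 token: base64url(header).base64url(claims).base64url(HMAC).
function signJwt(claims, secret) {
  const data = `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(claims)}`;
  return `${data}.${mac(data, secret).toString('base64url')}`;
}

// Receiver side: pin the algorithm, compare MACs in constant time, enforce expiry.
function verifyJwt(token, secret, nowSec) {
  try {
    const [head, body, sig, extra] = token.split('.');
    if (!sig || extra !== undefined || dec(head).alg !== 'HS256') return null;
    const given = Buffer.from(sig, 'base64url');
    const expected = mac(`${head}.${body}`, secret);
    if (given.length !== expected.length) return null;
    if (!nodeCrypto.timingSafeEqual(given, expected)) return null;
    const claims = dec(body);
    return claims.exp > nowSec ? claims : null;
  } catch {
    return null; // malformed token
  }
}

// return_to is only a path inside the outside application: reject absolute,
// protocol-relative ("//host") and backslash forms, falling back to "/".
function safeReturnTo(queryString) {
  const value = new URLSearchParams(queryString).get('return_to') || '/';
  return /^\/(?![\/\\])/.test(value) ? value : '/';
}

// Called after the user has authenticated on the login page.
function buildRedirect(queryString, user, secret, nowSec) {
  const claims = { sub: user.id, email: user.email, iat: nowSec, exp: nowSec + 60 };
  const url = new URL(CALLBACK);
  url.searchParams.set('jwt', signJwt(claims, secret));
  url.searchParams.set('return_to', safeReturnTo(queryString));
  return url.toString();
}
```

In the browser the `queryString` argument is `window.location.search`; on the server it is the query part of the incoming `/login` request.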