Implement SSO for the OpenWeb iOS SDK
Execute SSO
There are two types of SSO available: Generic SSO and SSO with JWT secret. Please contact your OpenWeb PSM to pick the best option for you.
For more information about SSO authentication, read Implement single sign on.
Generic SSO
- Authenticate a user with your backend.
- Call
startSSOfunction and getcodeA. - Send the
codeAand all needed information to your backend system in order to getcodeB. - Call
completeSSOwith thecodeB.
// 1
func login(username: String, password: String) { [weak self] in
guard let self = self else { return }
MyAuthenticationProvider.login(
with: username,
password: password) { [weak self] result in
guard let self = self else { return }
switch result {
case .success(_):
self.authenticateWithSpotIm()
case .failure(let error):
handleLoginError()
}
}
}
// 2
func authenticateWithSpotIm() {
SpotIm.startSSO { [weak self] result in
guard let self = self else { return }
switch result {
case .success(let ssoResponse):
guard let codeA = ssoResponse.codeA else {
//Handle error
return
}
self.getCodeB(codeA: response?.codeA)
case .failure(let error):
//Handle error
break
}
}
}
// 3
private func getCodeB(codeA: String) {
MyAuthenticationProvider.getCodeB(with: codeA,
// Some identification that this user is authenticated to your backend system
...) { [weak self] result in
guard let self = self else { return }
switch result {
case .success(let codeB):
self.completeSSOWithSpotIm(codeB: codeB)
case .failure(let error):
handleError()
}
}
}
// 4
private func completeSSOWithSpotIm(codeB: String) {
SpotIm.completeSSO(with: codeB) { [weak self] result in
guard let self = self else { return }
switch result {
case .success(let userId):
// You can save the userId in case you support multiple users logged in at the same time in the application side
// Later on this userId can be checked with `SpotIm.getUserLoginStatus` function
break
case .failure(let error):
self.handleLoginError()
}
}
}
SSO with JWT secret
- Authenticate a user with your backend.
- Call
sso(withJWTSecret)function with a user JWT secret.
func authenticate(secret: String) {
SpotIm.sso(withJwtSecret: secret) { result in
switch result {
case .success(let ssoResponse):
guard ssoResponse.success else {
// Handle error
return
}
// Authenticated successfully
case .failure(let error):
// Handle error
break
}
}
}
Supporting signup/login flow
Support instantiating signup/login flow from the Spot.IM SDK UI, by providing
SpotImLoginDelegate when instantiating the SpotImSDKFlowCoordinator.
Calling the startLoginUIFlow delegate function should show some UI that will:
- Let the user signup/login into the app.
- Upon successful login will do the full SSO flow using the Spot.IM SDK API, to make sure the user is logged in to the Spot.IM commenting system as well.
Calling the renewSSOAuthentication delegate function should perform a silent SSO:
- Re-SSO the user to keep him logged in.
- This function will be called whenever an authentication token expired or for some reason an authentication error occurred and a user was logged in before.
- A userId field is used in order to keep track which user was logged in from before - allowing support in multiple logged in users in the application which is using the SDK.
extension ArticleViewController: SpotImLoginDelegate {
func startLoginUIFlow(navigationController: UINavigationController) {
// Show your login UI flow here, you can either `push` or `present` it
// Once the flow is done and SSO is completed we will dismiss the whole navigation stack
// You can still dismiss your UI at the end, but we will do it regardless
}
func renewSSOAuthentication(userId: String) {
// Renew SSO - Basically silent SSO again to keep the user connected
// This function will be called once a token is no longer valid and a user was connected from before
// Follow the above steps to renew the SSO
}
}
Display login prompt in full conversation
To add a customized login prompt above the full Conversation UI, you should implement the following optional SpotImLoginDelegate function.
To customize the login prompt see the section of Custom UI.
| Function | Description |
|---|---|
func shouldDisplayLoginPromptForGuests() -> Bool | This should be overridden and return true. |
The following example shows how to override this function in `SpotImLoginDelegate.
extension ArticleViewController: SpotImLoginDelegate {
func shouldDisplayLoginPromptForGuests() -> Bool {
return true
}
}
Logout
Call the OpenWeb logout API whenever a user logs out of your system.
func logoutFromSpotIM() {
SpotIm.logout { result in
switch result {
case .success(_):
// "Logout from SpotIm was successful"
break
case .failure(let error):
// Handle error
break
}
}
}
Login status
The OpenWeb login status API enables you to understand the status of the current OpenWeb user.
The status of a current user will be either guest or ssoLoggedIn(userId: String).
| Login Status | Description |
|---|---|
| guest | Unregistered guest user |
| ssoLoggedIn(userId: String) | Registered OpenWeb user |
getUserLoginStatus
Retrieve the login status of the current user.
func findUserLoginStatus() {
SpotIm.getUserLoginStatus { result in
switch result {
case .success(let loginStatus):
// You may login or do something after that
break
case .failure(let error):
// Handle error
break
}
}
}
Updated about 1 month ago