Implement SSO for the OpenWeb iOS SDK

Execute SSO

There are two types of SSO available: Generic SSO and SSO with JWT secret. Please contact your OpenWeb PSM to pick the best option for you.

For more information about SSO authentication, read Implement single sign on.


Generic SSO

  1. Authenticate a user with your backend.
  2. Call startSSO function and get codeA.
  3. Send the codeA and all needed information to your backend system in order to get codeB.
  4. Call completeSSO with the codeB.
// 1
func login(username: String, password: String) { [weak self] in
    guard let self = self else { return }                                            
    MyAuthenticationProvider.login(
        with: username,
        password: password) { [weak self] result in
            guard let self = self else { return }                   
            switch result {                   
                case .success(_):
                    self.authenticateWithSpotIm()
                case .failure(let error):
                    handleLoginError()
            }
    }
}

// 2
func authenticateWithSpotIm() {
    SpotIm.startSSO { [weak self] result in
        guard let self = self else { return }   
        switch result {
            case .success(let ssoResponse):
                guard let codeA = ssoResponse.codeA else {
                    //Handle error
                    return
                }
                self.getCodeB(codeA: response?.codeA)
            case .failure(let error):
                //Handle error
                break
        }
    }
}

// 3
private func getCodeB(codeA: String) {
    MyAuthenticationProvider.getCodeB(with: codeA,
        // Some identification that this user is authenticated to your backend system
        ...) { [weak self] result in
            guard let self = self else { return }                                
                switch result {                   
                    case .success(let codeB):
                        self.completeSSOWithSpotIm(codeB: codeB)
                    case .failure(let error):
                        handleError()
                }
        }
}

// 4
private func completeSSOWithSpotIm(codeB: String) {
    SpotIm.completeSSO(with: codeB) { [weak self] result in
        guard let self = self else { return }                              
        switch result {
            case .success(let userId):
                // You can save the userId in case you support multiple users logged in at the same time in the application side
                // Later on this userId can be checked with `SpotIm.getUserLoginStatus` function
                 break
            case .failure(let error):
                self.handleLoginError()
        }                             
    }
}


SSO with JWT secret

  1. Authenticate a user with your backend.
  2. Call sso(withJWTSecret) function with a user JWT secret.
func authenticate(secret: String) {
    SpotIm.sso(withJwtSecret: secret) { result in
        switch result {
            case .success(let ssoResponse):
                guard ssoResponse.success else {
                    // Handle error
                    return
                }
                // Authenticated successfully
            case .failure(let error):
                // Handle error
                break
        }
    }
}


Supporting signup/login flow

Support instantiating signup/login flow from the Spot.IM SDK UI, by providing
SpotImLoginDelegate when instantiating the SpotImSDKFlowCoordinator.

Calling the startLoginUIFlow delegate function should show some UI that will:

  1. Let the user signup/login into the app.
  2. Upon successful login will do the full SSO flow using the Spot.IM SDK API, to make sure the user is logged in to the Spot.IM commenting system as well.

Calling the renewSSOAuthentication delegate function should perform a silent SSO:

  1. Re-SSO the user to keep him logged in.
  2. This function will be called whenever an authentication token expired or for some reason an authentication error occurred and a user was logged in before.
  3. A userId field is used in order to keep track which user was logged in from before - allowing support in multiple logged in users in the application which is using the SDK.
extension ArticleViewController: SpotImLoginDelegate {
    func startLoginUIFlow(navigationController: UINavigationController) {
        // Show your login UI flow here, you can either `push` or `present` it
        // Once the flow is done and SSO is completed we will dismiss the whole navigation stack
        // You can still dismiss your UI at the end, but we will do it regardless  
    }
  
    func renewSSOAuthentication(userId: String) {
        // Renew SSO - Basically silent SSO again to keep the user connected
        // This function will be called once a token is no longer valid and a user was connected from before
        // Follow the above steps to renew the SSO
    }
}


Display login prompt in full conversation

To add a customized login prompt above the full Conversation UI, you should implement the following optional SpotImLoginDelegate function.
To customize the login prompt see the section of Custom UI.

FunctionDescription
func shouldDisplayLoginPromptForGuests() -> BoolThis should be overridden and return true.

The following example shows how to override this function in `SpotImLoginDelegate.

extension ArticleViewController: SpotImLoginDelegate {
    func shouldDisplayLoginPromptForGuests() -> Bool {
        return true
    }
}


Logout

Call the OpenWeb logout API whenever a user logs out of your system.

func logoutFromSpotIM() {
    SpotIm.logout { result in
        switch result {
            case .success(_):
                // "Logout from SpotIm was successful"
                break
            case .failure(let error):
                // Handle error
                break
        }
    }
}


Login status

The OpenWeb login status API enables you to understand the status of the current OpenWeb user.

The status of a current user will be either guest or ssoLoggedIn(userId: String).

Login StatusDescription
guestUnregistered guest user
ssoLoggedIn(userId: String)Registered OpenWeb user

getUserLoginStatus

Retrieve the login status of the current user.

func findUserLoginStatus() {
    SpotIm.getUserLoginStatus { result in
        switch result {
            case .success(let loginStatus):
                // You may login or do something after that
                break
            case .failure(let error):
                // Handle error
                break
        }
    }
}


Did this page help you?