
Enabling Single Sign-on

The button enables you to implement SSO for your users. If a user is already logged in to your website, it is recommended to implement SSO so that the user is automatically logged in to the editor.

How it Works

  1. Your user logs in to your website.
  2. An SSO token is generated to identify the user. This happens on the server side using the SSO key provided.
  3. The generated SSO token is passed in the config (as embedToken) when creating an object from SDK.

Generating SSO JWT token on the server

An SSO token is a JWT that stores data about the user and is signed with your unique SSO Key.

Python code to generate the JWT

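  1. Install the library
pip install pyjwt
  2. Generate a JWT
import jwt
# SSO_KEY is your account's SSO key; keep it on the server. HS256 (PyJWT's default) is assumed here.
jwt_token = jwt.encode({"aud": YOUR_APP_ID, "user_id": USER_ID},
                       SSO_KEY, algorithm="HS256")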

JWT Payload

Payload for the JWT should be as follows:

{
  "aud": "your_app_id", // App ID obtained from the account
  "user_id": "user_id" // email or any unique id of your user
}

The payload contains the following parameters:

aud: String. The unique app ID.

user_id: String. A unique id for the user.

Note about security

The SSO data is passed as an encoded token, known as a JWT (JSON Web Token), in the URL. The token is an alphanumeric string about 150 characters long. It is signed using a special key (the SSO Key) that is unique to each account, and only the account administrators have access to it. The data passed in the token is a user_id and app_id; no passwords are passed, encoded or otherwise. The servers decode the token and check the signature to verify that it was signed with the SSO Key associated with the account. If the token was not signed with the correct key, the SSO login will fail.
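The signing and verification flow described above, as an added example that is not the service's own code. It uses only the Python standard library; HS256 is an assumption because this page does not name the algorithm, and the function names, key and IDs are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str, sso_key: bytes) -> bytes:
    return hmac.new(sso_key, signing_input.encode("ascii"), hashlib.sha256).digest()

def make_sso_token(app_id: str, user_id: str, sso_key: bytes) -> str:
    """Build a JWT carrying only aud and user_id, signed with HS256 (assumed)."""
    parts = [{"alg": "HS256", "typ": "JWT"}, {"aud": app_id, "user_id": user_id}]
    signing_input = ".".join(
        b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    return signing_input + "." + b64url_encode(sign(signing_input, sso_key))

def verify_sso_token(token: str, app_id: str, sso_key: bytes) -> dict:
    """Return the claims if the token is valid; raise ValueError otherwise."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm: the token's own header must not choose how it is checked.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    # Constant-time comparison of the received and recomputed signatures.
    if not hmac.compare_digest(signature, sign(f"{header_b64}.{payload_b64}", sso_key)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("aud") != app_id:
        raise ValueError("wrong audience")
    return claims

if __name__ == "__main__":
    key = b"constructed-demo-sso-key"  # constructed sample, not a real SSO key
    token = make_sso_token("demo-app-id", "alice@example.com", key)
    print(verify_sso_token(token, "demo-app-id", key))
    try:
        verify_sso_token(token, "demo-app-id", b"wrong-key")
    except ValueError as err:
        print("rejected:", err)
```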