Get started

Products

Access

Gate

Data Vault

Use cases

Onboarding

Analytics & Screening

Fraud & Security

Edge Authentication

Application Access Plane

Developers

Blog

Careers

2
Get started
New Feature/1 Nov, 2022

Social logins in 5 minutes or less

Today we are releasing our OpenID Connect (OIDC) SSO module which you can use to add Social logins and OIDC-compatible SSO to your app in less than 5 minutes.
Social logins can significantly boost user registration - for instance, Pinterest reported a 47% registration increase after adding Google One Tap to their website.

Introduction

Single Sign-On (SSO) is a popular choice amongst both services and users, increasing the service’s confidence in the user’s identity, and reducing the number of login credentials that users have to manage. You can now integrate SSO from third-party identity providers (IdPs) into your frontend with just a few lines of code using the /id SDK, and immediately start using additional features from /id.

Social logins can significantly boost user registration, for instance Pinterest reported a 47% registration increase after adding Google One Tap to their website.

A primer on SSO

What is SSO and how does it work? SSO involves a user granting your service access to their identity information held by a third party IdP, such as Google, Apple, or Facebook. Your service can then retrieve this information and use it to build a user profile, which can be enriched with internal data you collect. This means you can immediately personalize your UX to the user based on the existing information, and you can have greater confidence in the user’s identity. From the user perspective, they use their existing credentials (e.g., Google account), and can continue to log in to your service with those same credentials, reducing friction and minimizing the number of accounts that they must track.

There are multiple standards for implementing SSO. /id supports OpenID Connect (OIDC), a standard for authentication built on top of OAuth 2.0. OIDC is supported by many popular IdPs. In brief, OIDC works as follows:

  • You register your app with the IdP and obtain a client ID and secret
  • When a user wants to use SSO, you call an API exposed by the IdP with your client ID
  • The user is prompted to log in with the IdP
  • Your service receives an authorization code
  • Your service exchanges the authorization code with the IdP for identity and access tokens, authenticated with the client secret
  • The identity token is a JSON Web Token (JWT) that includes information about the user; the access token can be used subsequently to retrieve user information from the IdP, within the scopes that the user allowed.

With /id, you simply need to provide us with the client ID and secret, and call a single method from our SDK; we take care of the rest and return the tokens.

SSO in 5 minutes or less

We will use Google as an example. First, you need to obtain a client ID and client secret from Google - our dedicated guide provides step-by-step instructions on how to do this. Once you have these OAuth2 credentials, enabling SSO with SlashID requires just two steps.

The first is to register the OAuth2 credentials through the SlashID APIs:

curl --location --request POST 'https://api.sandbox.slashid.com/organizations/sso/oidc/provider-credentials' \
--header 'SlashID-OrgID: <YOUR ORG ID>' \
--header 'SlashID-API-Key: <YOUR API KEY>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "client_id": "<CLIENT ID>",
    "client_secret": "<CLIENT SECRET>",
    "provider": "google",
    "label": "A label for this set of credentials"
}

The second is to invoke the .id() method from your frontend as follows:

// In a module script
import * as slashid from '@slashid/slashid'
const sid = new slashid.SlashID()

const org_id = 'my_org_id' // organization ID, provided on registration with /id
const clientId = 'my.client.id' // client ID from the IdP
const provider = 'google' // the identity provider to authenticate with

let user = await sid.id(org_id, null, {
  method: 'oidc',
  options: {
    client_id: clientId,
    provider: provider,
    ux_mode: 'popup',
  },
})

By default SlashID will use a pop-up to prompt the user to login, but you can also decide to use a redirect flow instead. To do so, set ux_mode to ”redirect” and add an event listener to your webpage like the following:

addEventListener('load', async (event) => {
  let user = await sid.getUserFromURL()
  console.log('Retrieved user from URL', { user })
})

You can optionally set redirect_target to change the URL to redirect to after the flow is complete, by default it is the current page.

Behind the scenes, the /id SDK and backend will carry out the OIDC flow with the IdP using the credentials matching the client ID provided. If you set UX mode to popup, the SDK will return a User object, which is a /id token. If set to redirect, the URL specified will be loaded, with an additional URL query parameter appended. You can then use the getUserFromURL SDK method to obtain the User object.

In both cases, the User object represents a signed JWT that contains both a /id user token and the OIDC tokens from the IdP.

That’s it!

Conclusion

SSO is a great tool to increase user registration as part of the onboarding process. While there’s a lot of complexity behind OIDC and OAuth 2.0, our aim at SlashID is to handle that complexity for you so you quickly experiment with new features and new onboarding flows.

Please reach out to us if there’s a specific SSO provider you’d like us to support.

Related articles

Authentication flows with SlashID
New Feature/12 May, 2023

Authentication flows with SlashID

Implement MFA and Step-Up Authentication in React applications with SlashID.

Kasper Mroz, Ivan Kovic
Kasper Mroz, Ivan Kovic
React SDK support for <Groups>
New Feature/9 Feb, 2023

React SDK support for <Groups>

With the latest React SDK release we are introducing a new control component, <Groups>. You can use <Groups> to conditionally render parts of the UI depending on whether the authenticated user belongs to specific Groups.

Ivan Kovic, Vincenzo Iozzo
Ivan Kovic, Vincenzo Iozzo
Sign-in and Sign-up React component release
New Feature/18 Jan, 2023

Sign-in and Sign-up React component release

Today we’re happy to announce the next step in that journey to deliver a streamlined, low friction onboarding experience to our customers with the release of our sign-up/sign-in form component.

Ivan Kovic
Ivan Kovic
SlashID/Identity at scale
•••••••••••••

Onboard users

Move authentication to the edge.

Get started