Single Sign-On (SSO) Integration Guide

RebelMouse has introduced a streamlined feature that enables a seamless single sign-on (SSO) integration between RebelMouse, an OAuth client such as Sharetribe, and an OpenID provider such as Google OAuth. In this setup, RebelMouse functions as the identity provider (IdP) that handles user authentication, while the OAuth client acts as the consumer of the authentication data. The integration ensures that users logging in via RebelMouse are authenticated across both the RebelMouse and OAuth systems, offering a unified and secure login experience.

Key Features

  • RebelMouse serves as the IdP, managing user authentication.
  • User session information is shared across RebelMouse and the OAuth client application.
  • User data, including user ID, first name, last name, and email address, is passed securely to the OAuth application for user authentication.

Integration Flow

1. User Initiates Login

The user attempts to log in to the OAuth client using Google as the identity provider.

  • Action: The OAuth client initializes the authentication flow by requesting that RebelMouse authenticate the user.

2. Authentication Flow Goes Through RebelMouse

Once the authentication request has been received, RebelMouse begins the OAuth flow using Google as the OpenID provider.

  • Action: RebelMouse automatically initiates the OAuth process with Google, redirecting the user to Google's login page.

3. User Completes Authentication Through Google

The user completes the login process on Google's OAuth page.

  • Action: Once authenticated by Google, the OAuth client sends a callback request to RebelMouse's designated URL with the necessary user information payload.

4. RebelMouse Creates a User/Logs the User In

RebelMouse processes the callback and verifies the user’s details. If the user doesn't exist in RebelMouse, they are created and then logged in.

  • Action: RebelMouse creates the user if needed, and establishes a session for them.

5. Session Shared With the OAuth Application

RebelMouse passes the authenticated user data (user ID, first name, last name, email address) to the OAuth client, ensuring the user is logged in on both systems.

  • Action: The OAuth client processes the user’s details and creates a corresponding session on its platform.

6. Successful Login

The user is now authenticated on both RebelMouse and the OAuth client and can continue their session seamlessly.

Data Flow Details

During the authentication process, the following user data is securely shared between RebelMouse and the OAuth client:

  • User ID: The unique identifier for the user in RebelMouse.
  • First Name: The user's first name as provided during Google’s OAuth authentication.
  • Last Name: The user's last name as provided during Google’s OAuth authentication.
  • Email: The user's email address registered with Google.

This data ensures that the OAuth client can recognize the user and manage the session accordingly.

Client Backend Adjustments

We currently support the standard OAuth 2.0 flow, including OpenID Connect (OIDC). However, certain OAuth providers may request specific scopes or grant types that are not supported by our platform. In such cases, Client Backends can serve as a bridge, adjusting the requests sent by the OAuth provider to align with our supported flows and scopes.

For example, when an OAuth 2.0 provider requires specific scopes or grants that our system does not support, a Client Backend can intercept these requests, translate them into the scopes or grants that we do support, and then forward them accordingly. Essentially, the Client Backend acts as a bridge that modifies the data exchange. It's worth noting that the use of Client Backends is rare and only necessary when adjustments are required.

In the following example, you can see how data is modified during the authorization process. The script converts unsupported scopes into those that are supported by our system and redirects the user to the appropriate URL for continued processing.

The Grants We Currently Support

  • implicit
  • authorisation_code
  • password
  • refresh_token
  • openid_code

The Scopes We Currently Support

  • profile
  • email
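As an added illustration (not the RebelMouse script the guide refers to), the following Python sketch shows what a Client Backend-style translator does: it narrows a client's requested scopes to the supported profile/email set, rejects unsupported grant types, and rebuilds the redirect URL. The alias table, the endpoint URLs and the parameter names are assumptions for this example.

```python
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

# Supported grants and scopes, as listed in the guide above.
SUPPORTED_GRANTS = {"implicit", "authorisation_code", "password",
                    "refresh_token", "openid_code"}
SUPPORTED_SCOPES = {"profile", "email"}

# Hypothetical aliases a third-party client might send for the same data.
# This mapping is an assumption for the example, not a RebelMouse table.
SCOPE_ALIASES = {
    "user:email": "email",
    "read:user": "profile",
    "https://www.googleapis.com/auth/userinfo.email": "email",
    "https://www.googleapis.com/auth/userinfo.profile": "profile",
}

# Parameters the bridge forwards untouched: rewriting them would break the
# client's CSRF binding (state, nonce) or its redirect validation.
PASSTHROUGH = ("client_id", "redirect_uri", "state", "nonce",
               "response_type", "grant_type")


def translate_scopes(requested):
    """Map each requested scope onto the supported set; drop what is unknown.

    Scopes are only ever narrowed, never widened, so the bridge cannot ask
    for more than the client originally requested.
    """
    translated = []
    for scope in requested.split():
        mapped = SCOPE_ALIASES.get(scope, scope)
        if mapped in SUPPORTED_SCOPES and mapped not in translated:
            translated.append(mapped)
    return translated


def rewrite_authorize_url(incoming_url, authorize_endpoint):
    """Rebuild an incoming authorization request against our endpoint.

    Raises ValueError for an unsupported grant type or when no supported
    scope survives translation, rather than forwarding a request the IdP
    would reject anyway.
    """
    query = {k: v[0] for k, v in parse_qs(urlsplit(incoming_url).query).items()}
    grant = query.get("grant_type")
    if grant is not None and grant not in SUPPORTED_GRANTS:
        raise ValueError(f"unsupported grant type: {grant}")
    scopes = translate_scopes(query.get("scope", ""))
    if not scopes:
        raise ValueError("no supported scope in request")
    params = {k: query[k] for k in PASSTHROUGH if k in query}
    params["scope"] = " ".join(scopes)
    base = urlsplit(authorize_endpoint)
    return urlunsplit((base.scheme, base.netloc, base.path, urlencode(params), ""))
```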

Configure OAuth 2.0 per Site

The following table outlines essential OAuth fields, their descriptions, and their purpose(s) to help guide the setup and understanding of an OAuth-based integration. The details outlined are required for our team to enable this feature. Each field plays a crucial role in ensuring a smooth and secure SSO integration process between RebelMouse, the OAuth client, and the OpenID provider.

Field

Description

RebelMouse's Active Core Web Vitals Monitoring System

Behind the Scenes: The internal Core Web Vitals monitoring system that keeps our clients ahead

In the competitive digital landscape, providing a top-notch user experience on your website is critical to standing out and attracting your target audience. This is where Core Web Vitals (CWV) come into play. CWV are the essential metrics defined by Google that focus on the speed, responsiveness, and visual stability of a web page. At RebelMouse, we specialize in CWV verification and optimization services to ensure that your website not only meets these vital performance thresholds, but also exceeds them.
