SSO Redirection

The client has to generate temporary token for SSO and redirect the user to Xoxoday with this temporary token. Let’s discuss the steps.There are two methods for this.

SSO Token from Company Session

Request

Following request has to be made with Company Bearer Authorization access token to fetch temporary SSO token. Via this the user is also registered automatically if not already registered.

curl -X POST {OAUTH_URL}/v1/oauth/sso/stores/company
-H 'Authorization: Bearer eyJ0b2tlbkNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk5MTk4ODE2MDEsImV4cGlyZXNBdCI6IjIwMTktMDYtMjJUMTU6MDQ6NDEuNjAxWiIsInRva2VuX3R5cGUi'
--header 'Content-Type: application/json'
-d '{
  "user_input": "email@example.com",
  "tpd":{//this is third party session data to be sent by the client (eg. Darwin) with which xoxoday calls api for fetching and redeeming points.This is still under development. 
   "auth_header":"Bearer asdgfjhbsdlkjbasdlkjbadslkbdakasdhfjhfdb==",
   "employee_id":"4356XC90",
   "Uid":"TTEO32S99ERCL"
  }
}

Response

The response fetch the SSO token to the user using which the user can be redirected to the xoxoday marketplace

{
    "data": {
        "ssoToken": "0d793dc64230b71376308aacf582e7f835ff01b3"
    }
}

The user gets redirected to the Xoxoday storefront to the following URL with the ssoToken value obtained in the above response:

{OAUTH_URL}/v1/oauth/redirect/stores/{ssoToken}