1

Is there a way to use OAuth as a Single Sign On process with Jawbone ?

Currently I am forced to "agree" the application permissions every time I try to connect to my website/app and so getting an access_token.

If yes, how to implement it ?

I am expecting a behavior as airbnb.com when you are using "Log in with Facebook / Google"

Or is it a technical jawbone design choice?

Thank you for your help.

Gregor
  • 45
  • 6

2 Answers2

0

I don't know for sure, but the documentation doesn't really show that the API is meant for what you're trying to do. I don't think it's designed (from a user perspective) to be used to SSO.

robertshippey
  • 33
  • 8
0

You could technically use the UP OAuth flow for SSO, and the way you would do it is also the answer to your over-arching question of not having to perform the OAuth handshake every time.

Here's what you need to do:

  1. When a user needs to sign-in, use the normal OAuth pattern: redirect to login, callback to your server, exchange the code for an access token.
  2. Now that you have the access token, you need to save it and the user's XID. You can get the XID from any endpoint.
  3. In your application, maintain a connection between this user and the saved XID/access token. This could be a database row, a cookie, local storage, etc.
    1. Use the connection in #3, to pull up the user's XID/access token whenever you need it, so that you don't have to redo the OAuth handshake.

After that you'll have some architectural decisions to make:

  • How will you store the user's info (some suggested options in #3 above)?
  • When the user leaves your application, will you log the user out?
  • If the user is logged out, will you perform the OAuth again or have some other method to link a returning user to an existing XID/access token?
  • When the access token expires (after 1 year), will you automatically refresh using the refresh token, or will you have the user perform the OAuth again?
RAY
  • 474
  • 4
  • 21