The Single Sign-On (SSO) feature allows your learners to sign in to Teachmore through your external platform with a single login.
Once a user has signed up on your external platform, you can create an SSO login URL and use it to redirect them to your Teachmore Academy by following the steps below.
Teachmore’s SSO URL format
https://<your-domain>/<any-url>?ssoToken=<jwt-token>
- <your-domain> is the domain which is linked to your Teachmore Academy
- <any-url> is the URL where you want your learners to land from the external platform
- <jwt-token> refers to a JSON Web Token
JSON Web Token (JWT Token)
A sample JWT token looks like the following:
aaaaaa.bbbbb.cccccc
A JWT token consists of three sections, separated by dots (.):
1. Header
2. Payload
3. Signature
1. Header
The header of the JWT token has two parts. The first is the signing algorithm ("alg"); Teachmore currently supports the HS256 algorithm for signing. The second is the type of the token ("typ"), which is JWT.
Your JWT token header should look like the following:
{
"alg": "HS256",
"typ": "JWT"
}
2. Payload
The payload section is the Base64URL-encoded version of the payload data you send. Base64URL is an encoding, not encryption, so anyone who holds the token can read these fields.
Payload format
{
"email": "<email>",
"full_name": "<name>",
"expires_at": "<issue_created_at_time>",
"external_id": <external_user_id>
}
=> email (required field) - email of the user in the external platform. We will create a new user for your academy with Teachmore if there is no existing user with the email provided.
=> full_name (required field) - name of the user. Used while creating a user.
=> expires_at (required field) - the time at which the SSO login link was initiated.
=> external_id (optional) - typically the authenticated user's ID from your external platform. If supplied, external_id can be used as the unique ID of the user. When a user tries to log in to your Teachmore Academy through SSO and an external_id is provided, Teachmore will look for a user with the same external_id. If no user is found with that external_id, Teachmore’s system will attempt to create a new user.
3. Signature
To create the signature for the JWT token, take the encoded header, the encoded payload, your API token and the algorithm specified in the header, and sign them.
For example, the signature is created in the following way:
HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  api-token
)
Your unique API token can be found in your Teachmore Academy’s Admin Dashboard -> Setting -> SSO Login.
Once generated, the JWT token will look like the following:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.cjMwJWpF2gSsenugy8Y9VMdPUK5lkTCl99ZSML93_18
Example Scenario:
Step 1: Store your API key locally (do not share it with anyone outside your organization)
api_key = "005607d3e1e0972f2ce553bb65b47be77ff5ce8ed4040925b54e8c8b3296a5b4"
Step 2: Construct the data for the current user who will be using the link
# 5.days.from_now comes from ActiveSupport (available in Rails)
# {:full_name=>"Shakti", :email=>"shakti@teachmint.com", :expires_at=>"1656410666"}
data = { full_name: "Shakti", email: "shakti@teachmint.com", expires_at: 5.days.from_now.to_i.to_s }
Step 3: Encode the data with the API key as a JWT using the HS256 algorithm
require 'jwt' # JWT.encode is provided by the jwt gem
token = JWT.encode data, api_key, 'HS256'
# eyJhbGciOiJIUzI1NiJ9.eyJmdWxsX25hbWUiOiJTaGFrdGkiLCJlbWFpbCI6InNoYWt0aUB0ZWFjaG1pbnQuY29tIiwiZXhwaXJlc19hdCI6IjE2NTY0MTA2NjYifQ.U5Sx85FSjZjYoVQ1z-vpo4OrYYWYBEp2N_fnLk-75qI
Step 4: Attach the encoded JWT token in params as shown below to the “redirect link”
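The four steps above, carried through to the final SSO URL with only Ruby's standard library, as an added example that is not Teachmore's own code. The API token, learner details, domain and path are constructed placeholders; signature_valid? is a hypothetical helper that shows why an edited payload no longer matches its signature, and does not describe Teachmore's own validation.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Base64URL without padding, the encoding used for each JWT section.
def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# header.payload.signature, signed with HMAC-SHA256 keyed by the API token.
def build_sso_token(payload, api_token)
  header = { alg: 'HS256', typ: 'JWT' }
  signing_input = [header, payload].map { |part| b64url(JSON.generate(part)) }.join('.')
  signature = OpenSSL::HMAC.digest('SHA256', api_token, signing_input)
  "#{signing_input}.#{b64url(signature)}"
end

# Constant-time comparison so a check does not leak how many bytes matched.
def secure_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Recompute the signature over the first two sections and compare.
def signature_valid?(token, api_token)
  parts = token.split('.')
  return false unless parts.length == 3
  expected = b64url(OpenSSL::HMAC.digest('SHA256', api_token, parts[0..1].join('.')))
  secure_eq?(expected, parts[2])
end

# The payload is only encoded: it decodes without the API token.
def read_payload(token)
  JSON.parse(Base64.urlsafe_decode64(token.split('.')[1]))
end

# Step 4: place the token in the ssoToken query parameter.
def sso_url(domain, path, token)
  "https://#{domain}/#{path}?ssoToken=#{token}"
end

if __FILE__ == $PROGRAM_NAME
  api_token = 'constructed-placeholder-token' # constructed, not a real key
  data = { full_name: 'Test Learner', email: 'learner@example.com',
           expires_at: (Time.now.to_i + 5 * 24 * 3600).to_s } # constructed values
  token = build_sso_token(data, api_token)
  puts sso_url('academy.example.com', 'courses', token) # hypothetical domain and path
  puts read_payload(token)                              # readable without the key
  puts signature_valid?(token, api_token)               # true
end
```

The token travels in the query string, so it is recorded wherever the full URL is recorded, such as browser history and web server logs.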