VitNode

Custom Single Sign-On (SSO)

Learn how to implement a custom Single Sign-On (SSO) in your application.

SSO is a user authentication process that allows a user to access multiple applications with one set of login credentials.

Built-in SSO

VitNode has built-in providers like Google or Facebook. Go to the Guide for SSO to enable and configure SSO in your application.

Custom SSO

As an example, we will implement a custom SSO for Google.

Provide URL

First, you need to provide a URL that the SSO uses to redirect the client to the Google login page.

VitNode provides redirect_uri and client_id for you to use.

apps/backend/src/app.module.ts
@Module({
  imports: [
    VitNodeCoreModule.register({
      database: {
        config: DATABASE_ENVS,
        schemaDatabase,
      },

      ssoLoginMethod: [
        {
          name: 'Google',
          code: 'google',
          // Build the authorization URL the client is redirected to.
          getUrl: ({ redirect_uri, client_id }) => {
            const params = new URLSearchParams({
              client_id,
              redirect_uri,
              response_type: 'code',
              scope: 'openid profile email',
            });

            return {
              url: `https://accounts.google.com/o/oauth2/auth?${params}`,
            };
          },
        },
      ],
    }),
    DatabaseModule,
    PluginsModule,
  ],
})
export class AppModule {}

Handle Callback

After the user logs in with Google, Google redirects the user back to your application with a code. You need to handle this code to get the access_token.

apps/backend/src/app.module.ts
@Module({
  imports: [
    VitNodeCoreModule.register({
      database: {
        config: DATABASE_ENVS,
        schemaDatabase,
      },
      ssoLoginMethod: [
        {
          name: 'Google',
          code: 'google',
          // Exchange the authorization code for tokens at Google's token endpoint.
          callback: async ({
            client_id,
            client_secret,
            code,
            redirect_uri,
          }) => {
            const res = await fetch('https://oauth2.googleapis.com/token', {
              method: 'POST',
              headers: {
                'Content-Type': 'application/x-www-form-urlencoded',
              },
              body: new URLSearchParams({
                client_id,
                client_secret,
                code,
                redirect_uri,
                grant_type: 'authorization_code',
              }),
            });

            return await res.json();
          },
          getUrl: ({ redirect_uri, client_id }) => {
            const params = new URLSearchParams({
              client_id,
              redirect_uri,
              response_type: 'code',
              scope: 'openid profile email',
            });
 
            return {
              url: `https://accounts.google.com/o/oauth2/auth?${params}`,
            };
          },
        },
      ],
    }),
    DatabaseModule,
    PluginsModule,
  ],
})
export class AppModule {}

Get User Info

After you get the access_token, you need to get the user info from Google. Create a registerCallback() function to get the user info.

apps/backend/src/app.module.ts
@Module({
  imports: [
    VitNodeCoreModule.register({
      database: {
        config: DATABASE_ENVS,
        schemaDatabase,
      },
      ssoLoginMethod: [
        {
          name: 'Google',
          code: 'google',
          // Fetch the user's profile with the access_token from callback().
          registerCallback: async ({ access_token }) => {
            const res = await fetch(
              'https://www.googleapis.com/oauth2/v1/userinfo',
              {
                headers: {
                  Authorization: `Bearer ${access_token}`,
                },
              },
            );
            const data = await res.json();

            return {
              email: data.email,
              id: data.id,
              name: data.name,
              verified_email: data.verified_email,
            };
          },
          getUrl: ({ redirect_uri, client_id }) => {
            const params = new URLSearchParams({
              client_id,
              redirect_uri,
              response_type: 'code',
              scope: 'openid profile email',
            });
 
            return {
              url: `https://accounts.google.com/o/oauth2/auth?${params}`,
            };
          },
          callback: async ({
            client_id,
            client_secret,
            code,
            redirect_uri,
          }) => {
            const res = await fetch('https://oauth2.googleapis.com/token', {
              method: 'POST',
              headers: {
                'Content-Type': 'application/x-www-form-urlencoded',
              },
              body: new URLSearchParams({
                client_id,
                client_secret,
                code,
                redirect_uri,
                grant_type: 'authorization_code',
              }),
            });
 
            return await res.json();
          },
        },
      ],
    }),
    DatabaseModule,
    PluginsModule,
  ],
})
export class AppModule {}
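
The callback and registerCallback handlers above pass on whatever JSON Google returns, including error bodies and unverified e-mail addresses. The following is an added example, not code from VitNode or from the original page: the helpers parseTokenResponse and toSsoProfile are hypothetical names, and the sample responses are constructed.

```typescript
// Added example: hypothetical helpers, not part of VitNode's API.
type Json = Record<string, unknown>;

const isRecord = (v: unknown): v is Json =>
  typeof v === 'object' && v !== null && !Array.isArray(v);

// Validate the JSON from https://oauth2.googleapis.com/token.
// A failed exchange returns { error, error_description } instead of tokens.
function parseTokenResponse(ok: boolean, body: unknown): Json & { access_token: string } {
  if (!isRecord(body)) throw new Error('token response is not a JSON object');
  const { error, access_token } = body;
  if (!ok || typeof error === 'string') {
    // Surface only the error code; never log code or client_secret.
    throw new Error(`token exchange failed: ${typeof error === 'string' ? error : 'unknown_error'}`);
  }
  if (typeof access_token !== 'string' || access_token === '') {
    throw new Error('token response has no access_token');
  }
  return { ...body, access_token };
}

interface SsoProfile { id: string; email: string; name: string; verified_email: boolean }

// Validate the userinfo JSON before it is used to create or match an account.
function toSsoProfile(body: unknown): SsoProfile {
  if (!isRecord(body)) throw new Error('userinfo response is not a JSON object');
  const { id, email, name, verified_email } = body;
  if (typeof id !== 'string' || id === '') throw new Error('userinfo has no id');
  if (typeof email !== 'string' || !email.includes('@')) throw new Error('userinfo has no email');
  // An unverified address must not be matched to an existing local account.
  if (verified_email !== true) throw new Error('email is not verified by the provider');
  return { id, email, name: typeof name === 'string' ? name : '', verified_email: true };
}

// Constructed sample responses (not real Google output).
const sampleToken = { access_token: 'constructed-token', token_type: 'Bearer', expires_in: 3599 };
const sampleUser = { id: '1000', email: 'user@example.com', name: 'Test User', verified_email: true };

console.log(parseTokenResponse(true, sampleToken).access_token);
console.log(toSsoProfile(sampleUser));

// In the page's handlers:
//   callback:         return parseTokenResponse(res.ok, await res.json());
//   registerCallback: return toSsoProfile(await res.json());
```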

Use SSO

Now, you can use the SSO in your application. Go to AdminCP => Settings => Authorization => Login Methods to enable your SSO.

Callback URL

The callback URL will be https://yourdomain.com/login/sso/{your_sso_code}/callback. For example, https://yourdomain.com/login/sso/google/callback.
