| title | permalink |
|---|---|
| Single Sign On | /v5/integrating/sso/ |
In order to allow seamless connection to an existing authentication system, Coral uses the industry-standard JSON Web Token (JWT) to connect. To learn more about how to create a JWT, see this introduction.
- Visit: https://{{ CORAL_DOMAIN_NAME }}/admin/configure/auth
- Scroll to the Login with Single Sign On section
- Enable the Single Sign On Authentication Integration
- Enable Allow Registration
- Copy the string in the Key box
- Click Save
NOTE: Replace the value of {% raw %}{{ CORAL_DOMAIN_NAME }}{% endraw %} with the location of your running instance of Coral.
You will then have to generate a JWT with the following claims:
- jti (optional) - A unique ID for this particular JWT token. We recommend using a UUID for this value. Without this parameter, the logout functionality inside the embed stream will not work and you will need to call logout on the embed itself.
- exp (optional) - When the given SSO token should expire. This is specified as a unix time stamp in seconds. Once the token has expired, a new token should be generated and passed into Coral. Without this parameter, the logout functionality inside the embed stream will not work and you will need to call logout on the embed itself.
- iat (optional) - When the given SSO token was issued. This is required to utilize the automatic user detail update system. If this time is newer than the time we received the last update, the contents of the token will be used to update the user.
- user.id (required) - the ID of the user from your authentication system. This is required to connect the user in your system to allow a seamless connection to Coral.
- user.email (required) - the email address of the user from your authentication system. This is required to facilitate notification emails about status changes on a user account such as bans or suspensions.
- user.username (required) - the username that should be used when being presented inside Coral to moderators and other users. There are no username validations or restrictions enforced by Coral when you're using SSO.
- user.badges (optional) - array of strings to be displayed as badges beside the username inside Coral, visible to other users and moderators. For example, to indicate a user's subscription status.
- user.role (optional) - one of "COMMENTER", "STAFF", "MODERATOR", "ADMIN". Will create/update the Coral user with this role.
An example of the claims for this token would be:
```json
{
  "jti": "151c19fc-ad15-4f80-a49c-09f137789fbb",
  "exp": 1572172094,
  "iat": 1562172094,
  "user": {
    "id": "628bdc61-6616-4add-bfec-dd79156715d4",
    "email": "bob@example.com",
    "username": "bob"
  }
}
```
With the claims provided, you can sign them with the Key obtained from the Coral administration panel in the previous steps using the HS256 algorithm. This token can be provided in the above-mentioned embed code by adding it to the createStreamEmbed function:
```js
Coral.createStreamEmbed({
  // Don't forget to include the parameters from the
  // "Embed On Your Site" section.
  accessToken: "{{ SSO_TOKEN }}"
});
```
Or by calling the login/logout method on the embed object:
```js
var embed = Coral.createStreamEmbed({
  // Don't forget to include the parameters from the
  // "Embed On Your Site" section.
});

// Login the current embed with the generated SSO token.
embed.login("{{ SSO_TOKEN }}");

// Logout the user.
embed.logout();
```
External Integrations
You can integrate directly with the Coral GraphQL API in order to facilitate account updates for your users when using Coral SSO. The relevant mutations are as follows:
- updateUserUsername lets you update a given user with a new username using an admin token.
- updateUserEmail lets you update a given user with a new email address using an admin token.
- deleteUser lets you delete a given account using an admin token. Note that even with an admin token, you may not delete yourself via this method, and must use the requestAccountDeletion mutation instead. This differs from requestAccountDeletion in that it performs the operation immediately instead of scheduling it as requestAccountDeletion does.
- requestUserCommentsDownload lets you retrieve a given account's comments download. This mutation will provide you with an archiveURL that can be used to download a ZIP file containing the user's comment export.
If you're unsure how to call GraphQL APIs, refer to the section on Making your first GraphQL request.
Login Prompts
In order to handle login prompts (e.g. a user clicks on the sign in button) you can listen to the loginPrompt event.
```js
var embed = Coral.createStreamEmbed({
  // Don't forget to include the parameters from the
  // "Embed On Your Site" section.
  events: function(events) {
    events.on("loginPrompt", function() {
      // Redirect user to a login page.
      location.href = "http://example.com/login";
    });
  }
});
```