{
    "componentChunkName": "component---src-templates-article-page-template-js",
    "path": "/concepts/social-logins-and-sso/",
    "result": {"data":{"markdownRemark":{"frontmatter":{"title":"Social logins & SSO","slug":"social-logins-and-sso","updated":"2020-12-16T00:00:00.000Z","category":"concepts-users-and-authentication","ingress":"Flex allows your users to authenticate themselves using a 3rd party identity provider.","skills":null},"htmlAst":{"type":"root","children":[{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"This document gives an overview of how different login solutions work\nwith Flex. To find guidance on how to implement login using a specific\nservice, refer to the following how-to guides:"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"ul","properties":{},"children":[{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"element","tagName":"a","properties":{"href":"/docs/legacy/how-to/enable-facebook-login/"},"children":[{"type":"text","value":"Enable Facebook login"}]}]},{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"element","tagName":"a","properties":{"href":"/docs/legacy/how-to/enable-google-login/"},"children":[{"type":"text","value":"Enable Google login"}]}]},{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"element","tagName":"a","properties":{"href":"/docs/legacy/how-to/enable-open-id-connect-login/"},"children":[{"type":"text","value":"Enable OpenID Connect login"}]}]},{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"element","tagName":"a","properties":{"href":"/docs/legacy/how-to/setup-open-id-connect-proxy/"},"children":[{"type":"text","value":"How to set up OpenID Connect proxy in FTW"}]}]},{"type":"text","value":"\n"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"h2","properties":{"id":"using-a-third-party-identity-provider","style":"position:relative;"},"children":[{"type":"element","tagName":"a","properties":{"href":"#using-a-third-party-identity-provider","ariaLabel":"using a third party identity provider permalink","className":["anchor","before"]},"children":[{"type":"element","tagName":"svg","properties":{"ariaHidden":"true","focusable":"false","height":"16","version":"1.1","viewBox":"0 0 16 16","width":"16"},"children":[{"type":"element","tagName":"path","properties":{"fillRule":"evenodd","d":"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"},"children":[]}]}]},{"type":"text","value":"Using a third party identity provider"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"In addition to username and password based authentication, Flex allows\nmarketplace users to authenticate using a third party identity provider.\nAn identity provider can be used to authenticate the user when a new\nuser account is created or when a user logs into the marketplace to a\npreviously created account."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"A general overview of using a third party identity provider when logging\nin or creating a user is as follows:"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"element","tagName":"a","properties":{"href":"/docs/legacy/background-assets/sso-auth-flow-large.png"},"children":[{"type":"element","tagName":"span","properties":{"className":["gatsby-resp-image-wrapper"],"style":"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 635px; "},"children":[{"type":"text","value":"\n      "},{"type":"element","tagName":"span","properties":{"className":["gatsby-resp-image-background-image"],"style":"padding-bottom: 89.30817610062893%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAASCAYAAABb0P4QAAAACXBIWXMAAAsTAAALEwEAmpwYAAACXUlEQVQ4y3WU2XLbMAxF/f9f2DTppIktcd8XifbDbUFKsj1uHzCQKPFgIXhPdb1ibVe06w0+L3Cpdr+sDcuyorZrXyOLZR3ra0Ou7Vhfr7e+trYbTgRMpaK2hlCWDiNf1gYfE8pCG5cDmHJFSBmprkfwnbG0K060oEyC5hlGZXDtoNV45yIcWe+bTSwwoTxVY2OB8gkuLzj5skCq2AFaJjBtuzcElOHIulsZm3XIT0Dy2qf+fAAVS5AiYpIaQngonjCfHYwoIxhVIDLknKBt6vBHoHoEKpUgWMAsLSahu+fcg108rCqwsg5TFUokaPea4R249dDIAm0yuPHQ2zsB6ZnawLSDMH4A7R3ocoV9AVJDt2i70Y988tAsY+YGF64heYCaEowr/cRDn4i1/699vgP1Dkz3saHmX4wDTxkibpYymPWYlMXsIyYXMLuIiw2YbOgBXjJULkLa0IOclYUIGSIk8JAgQ+6lf3CF95nj7euC9/OMHzPHp7aI/wKabSxMyB0o4wCKDkzg2o9+0rOPED6B+Qj2mKF+AJInGHlGB5QKdBxGwaQdFdBB2Dysr7v/HAr1bh/eUfIol4yymZXFLybxiwn8PM/4mBjetpJfMqQT24F0vb6VBQupHwBZL007fAvdv/2WGl/K4FMZfBt3B0oXe5Zm6x3BlKP58093mUaJgmuXxpWk0TnG5qFk6ovYeiNM6ANMQbh5FQcb67M4UC+pRfsckvTkMjRtj0a+bvJF35/kq1TEXA497NrZbl3WDj1cWuta9ng/CViXAX4U2L6+tkMPyWhvF96/evgHgB9eef9EYuMAAAAASUVORK5CYII='); background-size: cover; display: block;"},"children":[]},{"type":"text","value":"\n  "},{"type":"element","tagName":"picture","properties":{},"children":[{"type":"text","value":"\n          "},{"type":"element","tagName":"source","properties":{"srcSet":["/docs/legacy/static/1cbf45240d1f219fb974b0845ce3fc8e/82e29/auth-flow.webp 159w","/docs/legacy/static/1cbf45240d1f219fb974b0845ce3fc8e/ef33f/auth-flow.webp 318w","/docs/legacy/static/1cbf45240d1f219fb974b0845ce3fc8e/f1837/auth-flow.webp 635w","/docs/legacy/static/1cbf45240d1f219fb974b0845ce3fc8e/e961d/auth-flow.webp 720w"],"sizes":"(max-width: 635px) 100vw, 635px","type":"image/webp"},"children":[]},{"type":"text","value":"\n          "},{"type":"element","tagName":"source","properties":{"srcSet":["/docs/legacy/static/1cbf45240d1f219fb974b0845ce3fc8e/8b9b5/auth-flow.png 159w","/docs/legacy/static/1cbf45240d1f219fb974b0845ce3fc8e/fa108/auth-flow.png 318w","/docs/legacy/static/1cbf45240d1f219fb974b0845ce3fc8e/53fb6/auth-flow.png 635w","/docs/legacy/static/1cbf45240d1f219fb974b0845ce3fc8e/1efcc/auth-flow.png 720w"],"sizes":"(max-width: 635px) 100vw, 635px","type":"image/png"},"children":[]},{"type":"text","value":"\n          "},{"type":"element","tagName":"img","properties":{"className":["gatsby-resp-image-image"],"src":"/docs/legacy/static/1cbf45240d1f219fb974b0845ce3fc8e/53fb6/auth-flow.png","alt":"Auth flow using a 3rd party identity provider","title":"Auth flow using a 3rd party identity provider","loading":"lazy","decoding":"async","style":"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;"},"children":[]},{"type":"text","value":"\n        "}]},{"type":"text","value":"\n    "}]}]}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"The different actors in the diagram above are:"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"ul","properties":{},"children":[{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Browser"}]},{"type":"text","value":" The FTW React application running in user's browser"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"FTW backend"}]},{"type":"text","value":" FTW Node application that runs on a server"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Identity provider"}]},{"type":"text","value":" A service that provides user authentication, for\nexample, Facebook"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Flex API"}]},{"type":"text","value":" Flex Marketplace or Auth API"}]},{"type":"text","value":"\n"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"Details on the requests in the diagram above:"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"1.-4."}]},{"type":"text","value":" This is standard OAuth2/OpenID Connect login flow. This part\nmay differ depending on the identity provider that is being used but the\nflow is usually like this: user is redirected to the identity provider\nto provide their credentials, an authorization code is returned, which\nis traded to a token with a request to the identity provider from the\nFTW backend. What token is obtained depends on the identity provider and\nprotocol in use."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"5.1"}]},{"type":"text","value":" Invokes "},{"type":"element","tagName":"code","properties":{},"children":[{"type":"text","value":"/current_user/create_with_idp"}]},{"type":"text","value":" endpoint in Flex\nMarketplace API. The token obtained from steps 1.-4. is passed here\namong a few other details. Returns a current user entity."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"5.2"}]},{"type":"text","value":" Invokes "},{"type":"element","tagName":"code","properties":{},"children":[{"type":"text","value":"/auth_with_idp"}]},{"type":"text","value":" endpoint in Flex Auth API. The token\nobtained from steps 1.-4. is passed here among a few other details.\nReturns access and refresh tokens."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"6."}]},{"type":"text","value":" Validates the token passed in as a parameter in 5.1 or 5.2.\nDepending on the identity provider in use, this may or may not include a\nrequest to the identity provider."}]}],"data":{"quirksMode":false}},"headings":[{"value":"Using a third party identity provider","depth":2}]}},"pageContext":{"slug":"social-logins-and-sso","category":"concepts-users-and-authentication"}},
    "staticQueryHashes": ["3794076007","439097193","717698143"]}