doragon

Reputation: 197

How to implement SSO correctly with Frontend/Backend Architecture

I want to ask for advice on a recommended or standard way of implementing SSO login based on a frontend/backend architecture.

Currently, I will need to implement a 3rd party SSO Login. The process is as below:

  1. User clicks "3rd party login" on my website
  2. Route to the 3rd party interface for SSO login.
  3. Once login is done, redirect back to my website

FYI, my system architecture consists of a frontend (Angular) and a backend (REST API, stateless). Based on the above case, I can think of 2 ways to integrate:

Way 1

  1. User clicks "3rd party login" in the frontend
  2. Route to the 3rd party interface for SSO login.
  3. Once login is done, redirect back to the backend
  4. Validate the request and set the token, and the backend will redirect to my frontend

Way 2

  1. User clicks "3rd party login" in the frontend
  2. Route to the 3rd party interface for SSO login.
  3. Once login is done, redirect back to the frontend
  4. Frontend will make a call to the backend to validate and get the result/token
  5. If validated successfully, the frontend will redirect to the home page.

The difference between way 1 and way 2 is the "redirect URL". When SSO login completes, should it always route to the frontend or to the backend?

Please advise me on the recommended/standard implementation.

Btw, I tried to check online but didn't see any suitable advice. If you find any, please share it with me. Thanks again and I appreciate the help.

Upvotes: 7

Views: 5743

Answers (1)

zed

Reputation: 21

I am now aware of the recommended/standard way for implementing the scenario.

However, I have worked on a project where we implemented SSO in the frontend. But in my opinion, it depends upon your project.

If SSO is implemented in the frontend, they have to pass the token with every call to the backend. The backend has to check the token every time so that no one is able to make calls to the backend directly, for example from Postman.

If SSO is implemented in the backend, the frontend won't have to pass the token. And as the backend maintains the token, external calling of the API is already handled.

Upvotes: 1
