Q: I want SSO for the following: If I signed in one web app e.g. one.sampleapp.com, which has a link to second web app, e.g. two.sampleapp.com, and I click on two.sampleapp.com, it should not ask me to login again.
A: We support this as part of our Seamless SSO feature. LoginRocket will keep track of each user’s session and if still logged in, automatically forward them back to your app.
To make this work with 2 apps, you’ll want to use only 1 Connected App (with the Redirect URIs setting) and then use the
redirect_uri= parameter to LoginRocket. Here’s how it works:
By default (when the Connected App -> Redirect URIs field is blank), LoginRocket always sends a finished login to the Login Handler URL, with the
token= parameter added.
However, by adding the URLs to each of your apps to Redirect URIs (eg:
https://one.sampleapp.com/, etc), you can then pass in a
redirect_uri= param to LoginRocket. When the login is finished, as long as the value of the
redirect_uri= param begins with one of the values in Redirect URIs, the user will be directed there instead, with
When combined with the session tracking mentioned above (which can be turned on at: Realm -> Settings -> LoginRocket -> Seamless SSO), LoginRocket can automatically transfer users between your apps, providing a copy of the token to each app, so they can treat them as a login.
redirect_uri parameter would look like this: when your app isn’t logged in and needs to request a login, redirect the user to:
You can include your own params for the
redirect_uri URL, you’ll just need to URL encode them. So you’d send the URL encoded equivalent of something like:
Note that all of this works whether using subdomains (one.sampleapp.com and two.sampleapp.com) or entirely separate domains (app-one.com and app-two.com).
Questions? Find a Typo? Get in touch.