Flow on how to set up an SSO authentication with a JWT bearer


This content is from Stack Overflow. Question asked by Stefano Terrana.

For a job, I have to propose a flow (a classic UML diagram) describing the process of SSO authentication using a JWT token (so I have to realize a JWT-based SSO).

I'm not an expert on this and I have just the following info:

  • An OAuth2 endpoint is ready and working, and it's a URL like https://example.com/aouth2/token
  • I have a page with a simple form where a user can enter a username and password
  • On the server, a .pem file is hosted containing the public key for signing the JWT token (there is also a private key)
  • When the user logs in, the client receives a JSON response with the access and refresh tokens, expiration, and so on
  • The user can now access a specific URL pointing to the company's web app he has to use

Does someone have some experience with this? What could a typical flow look like that describes the functioning of a JWT-based SSO with just the info above?
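As an added example (not the asker's code and not the company's token endpoint), here are the two ends of the flow in Go's standard library: the token endpoint signs the JWT with the private key, and the web app behind the protected URL verifies it with only the public key, which is the division of labour the .pem files imply. The RSA key pair is generated in memory to stand in for the server's .pem files, the claims are reduced to `sub` and `exp`, and the refresh-token exchange is not shown.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)

// Claims is the payload the token endpoint places in the access token.
type Claims struct {
	Sub string `json:"sub"`
	Exp int64  `json:"exp"` // expiry, seconds since the Unix epoch
}
// header is base64url({"alg":"RS256","typ":"JWT"}): fixed by the verifier, never read from the token.
const header = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9"
// Issue is the token endpoint's side: header.payload signed with the PRIVATE key (RS256).
func Issue(priv *rsa.PrivateKey, c Claims) (string, error) {
	body, _ := json.Marshal(c)
	input := header + "." + base64.RawURLEncoding.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + base64.RawURLEncoding.EncodeToString(sig), nil
}

// Verify is the web app's side and needs only the PUBLIC key from the .pem file:
// pin the header, check the signature before touching the claims, then enforce exp.
func Verify(pub *rsa.PublicKey, token string, now int64) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 || parts[0] != header {
		return nil, errors.New("malformed token or unexpected header")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, errors.New("bad signature")
	}
	var c Claims
	if payload, err := base64.RawURLEncoding.DecodeString(parts[1]); err != nil || json.Unmarshal(payload, &c) != nil {
		return nil, errors.New("bad claims")
	}
	if now >= c.Exp {
		return nil, errors.New("token expired")
	}
	return &c, nil
}
```

In the real deployment `Issue` runs only on the token endpoint, which is the sole holder of the private key; the web app loads the public key with `x509.ParsePKIXPublicKey` from the .pem file and runs `Verify` on every bearer token.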



This question and answer are collected from Stack Overflow and tested by the JTuto community, and are licensed under the terms of CC BY-SA 2.5, CC BY-SA 3.0, or CC BY-SA 4.0.
