Using Knock for SSO with multiple servers #85
Comments
andyrue
changed the title
Yes. If you want to be able to decode a token generated by your auth server, you need to share a secret signature key. This is the default configuration with Knock (see the initializer), you can change it to be anything you want. config.token_secret_signature_key = -> { Rails.application.secrets.secret_key_base }
Knock is conceived to act as both the API and the Auth Server. But you can also use it on both sides separately! Here's an example of how to setup knock with Auth0 and a Rails API backend (that would be the Data API for you). In this case, Auth0 provides authentication as a service, so you don't need to care about implementing the Auth Server. Hope this helps! |
|
Do you still need a User model that responds to |
|
No it's not needed! You also don't need to run the |
|
Great, thanks for your help! |
I'm still wrapping my mind around how JWTs work and hoping for some guidance on how I might use Knock to help me in my situation.
I have an Authentication Server (Rails), a Client (Angular2), and a Data API (Rails). From the client I need to be able to authenticate with the auth server which would then give me permission to access the data api. I'm a little confused how to use the received JWT from the auth server with the data api. How does the data api decode the request that was signed by the auth server? Do I need to have the same 'secret' on both servers? I'm going for an SSO solution here so I'd like this to work with any *.mydomain.com. I assume Knock would be running on the Auth server since it has User accounts and I would need to implement something with straight JWT decoding on the Data API server.
I really appreciate any advice. Thanks!
The text was updated successfully, but these errors were encountered: