Instructions for using SSO in dev program

I am able to successfully use the general developer program API. However, I would like to use SSO as well but cannot find any SSO documentation (other than seeing my SSO UUID on my dev program info page). Are there any instructions somewhere on using SSO so users can log in to TroopTrack from my site and use the API-based tools I’m creating? Thanks!

I would be really interested in getting this working. The dev program info page that shows my credentials shows that I have an SSO UUID, but there’s no documented way to use SSO. Using SSO is much more secure than hard-coding my credentials into a php page for getting a token or asking other users to submit their TroopTrack username and password on my website. I will never ask other people to provide their TroopTrack username and password to my website directly in order to get their authentication token - SSO is the way to go to get other people to be able to use my custom API-enabled tools.

Since other users may read this that might not have used SSO - my take on using SSO securely (which could be off a bit) would be:

  • A user is on my webpage and wants to access their TroopTrack data through my custom tool.
  • They click a link to sign in, which takes them to a legitimate TroopTrack login page (or popup).
  • After logging in, it redirects them back to my page, with POST data of their authentication token (or some other key that allows my tool to retrieve their authentication token from a TroopTrack endpoint).
  • My tool can now use their SSO UUID as a user token to allow them to retrieve their data in my tools.

@dave I’ll assume for now that SSO isn’t ready for us to use - is there a plan to make SSO available for use? Thanks!

SSO is used by several organizations right now to authenticate with forums, stores, etc. but it doesn’t currently return the token used by the APIs. We will need to make a generic SSO endpoint for that. I want to think about that a bit.

Thanks for taking proper security steps. I will probably be able to roll out an SSO service for you soon.

Dave

OK, great! I look forward to it!

Is the SSO presently available as a generic authentication mechanism for troops? I.e. using TroopTrack to provide log-in credentials to a troop's independently developed application? Or is it restricted to partner-organization usage?

Hi @dave, wondering if you have new thoughts on this? Thanks!

I want to do it. Just kind of swamped right now.

Do you have an update on this?

Our goal is to set up a public website with a member section.
Our unit management tool is TT but we also use several private FB groups.
We would like to use TT credentials to access our members only section; is that possible?

I am looking for some kind of direction to access the TroopTrack API. I just received my Developer Program Credentials. One is the API Token and the other is the UUID (or SSO). OK, so I am trying to use these credentials to test access to anything; let’s say I want to get the users. It takes two parameters.

  1. X-Partner-Token: Your secret partner token
  2. X-User-Token: The token you received when you authenticated the user.

I plugged in my TOKEN API in the X-PARTNER-TOKEN and the SSO in the X-USER-TOKEN and got a 400 error. So I am not getting authenticated! Since there is no documentation on how to use this thing, can anyone tell me what I am doing wrong?
I would appreciate it!

Tony

Well, I figured this out by posting to the Tokens endpoint I should know my own Token id, so this worked. Now I can get/post to the endpoints. My question is, what type of authentication are these endpoints using? I am trying to test these endpoints in POSTMAN but can’t pass the authentication credentials. Does anyone know what the authentication type is for these endpoints?
Thanks,
Tony

@dave - I’m interested in using SSO so my members can log in to portions of our Troop Website (runs on WordPress). I cobbled together a piece of code to make this work with the API, but it’s fragile and not very secure. Is there any way to learn how the “several organizations” are using SSO? Just trying not to recreate the wheel.

@TimMaloney the organizations I mentioned above were all using one-off SSO solutions. I’m happy to build a single SSO solution that you can use, but we should talk about how we approach it first.

As a developer, you get a partner token to use to make API calls. I think an SSO solution would need another token to identify the application we are an SSO provider for that is associated with the domain of the application (aka your WordPress site).

We would also want some sort of handshake so that you can confirm after the person logs in that the user authentication really came from TroopTrack. Perhaps we could do that by encrypting the user’s identifying information using a secret key associated with your application token that only your application and TroopTrack know.

What information would you expect to receive about the user during SSO?

Dave
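
A sketch of the handshake proposed in the post above, as an added example that is not part of the thread and not TroopTrack's API. It swaps the suggested encryption for an HMAC-SHA256 signature over the payload, keyed with a per-application shared secret, and adds a nonce and an expiry; the field names, the secret and both functions are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed demo secret; in the proposal it would be tied to the application
# token and known only to the site and the SSO provider.
APP_SECRET = b"constructed-demo-secret-not-a-real-key"

def sign(payload: bytes, secret: bytes) -> str:
    return hmac.new(secret, payload, hashlib.sha256).hexdigest()

def provider_response(user: dict, nonce: str, secret: bytes, ttl: int = 60):
    """Provider side (hypothetical): bind user info to the site's nonce, then sign."""
    body = dict(user, nonce=nonce, exp=int(time.time()) + ttl)
    payload = base64.urlsafe_b64encode(json.dumps(body).encode())
    return payload, sign(payload, secret)

def verify_response(payload: bytes, sig: str, expected_nonce: str,
                    secret: bytes, now=None) -> dict:
    """Site side: return the user dict, or raise ValueError on any failed check."""
    # 1. Authenticate in constant time before parsing anything.
    if not hmac.compare_digest(sign(payload, secret).encode(), sig.encode()):
        raise ValueError("bad signature")
    body = json.loads(base64.urlsafe_b64decode(payload))
    # 2. The nonce must be the one stored in this browser session (anti-replay).
    got = str(body.get("nonce", "")).encode()
    if not hmac.compare_digest(got, expected_nonce.encode()):
        raise ValueError("nonce mismatch")
    # 3. Reject stale assertions.
    if (time.time() if now is None else now) > body.get("exp", 0):
        raise ValueError("expired")
    return body

def demo() -> dict:
    nonce = secrets.token_urlsafe(16)  # saved in the session before the redirect
    user = {"user_id": 42, "email": "scout@example.org"}  # constructed sample
    payload, sig = provider_response(user, nonce, APP_SECRET)
    results = {"ok_user": verify_response(payload, sig, nonce, APP_SECRET)["user_id"]}
    # A payload that was not signed with the shared secret, and a valid
    # response presented to a session holding a different nonce.
    forged, _ = provider_response({"user_id": 1}, nonce, b"wrong-secret")
    cases = {"tampered": (forged, sig, nonce),
             "replayed": (payload, sig, "some-other-session-nonce")}
    for name, args in cases.items():
        try:
            verify_response(*args, APP_SECRET)
            results[name] = "accepted"
        except ValueError as err:
            results[name] = str(err)
    return results

if __name__ == "__main__":
    print(demo())
```
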

@dave, sorry for the delayed response. In terms of what information I’d like to receive about a user, the most important piece of information is whether or not they’re a valid, authorized user. Thinking to future functionality, the following information may be helpful:

  • The user’s name and email (if available - for populating forms)
  • Whether the user is an Adult or a Scout
  • What patrol the member is assigned to
  • The member’s Troop position(s)

The last three bullets might be used to manage access to specific information or functionality on the website.

Thanks @TimMaloney . I might be able to work on this later this summer. We usually see a large drop off in user questions in July, and then they skyrocket back up in August. Ping me after the fourth and let’s arrange a meeting to talk through a solution.

Absolutely @dave. I’ll add a reminder now.