Authentication with Talk: comprehension question


#1

Hi all,

I checked the authorization documentation as well as the talk-token-example on Github.
In the GitHub example a token is created and a request is sent to the server (simple cURL requests). In the example request that is sent to the server, id 1 is submitted. Now the question: Where is the ID coming from? Is this information loaded from the cookie? Somehow I have to submit this information from the server where the article and SSO are located to the server where Talk is hosted.

The solution I'm searching for is: after the customer has logged into our webpage, he is immediately logged into Talk. No further action is needed from the customer's perspective to log into Talk (not via SSO, Facebook, Twitter, etc.).

Many thanks in advance


#2

Hi Simon! You set the ID for the JWT when you create it. You can read more about JWTs here: https://jwt.io/introduction/

Reference this in our docs: https://docs.coralproject.net/talk/integrating/authentication#create-jwt-token

Quoting the relevant section:

You should create an external service that is responsible for generating a JWT for use with Talk. The token can be generated as easily as checking out the following node app: https://github.com/coralproject/talk-token-example

Using that demo application, you’ll see how you can:

  • Create a node application that can issue JWTs that are compatible with Talk.
  • Provide a validation endpoint that can be used by Talk to validate the token and get the user via the tokenUserNotFound hook.

It’s also important to note a few requirements for proper integration with Talk. The generated JWT must contain the following claims:

  • jti: a unique identifier for the token (like a uuid/v4)
  • exp: the expiry date of the token as a unix timestamp
  • sub: the user identifier that can be used to look up the user in the mongo database
      • The user may not yet exist in the database, but that's the responsibility of the tokenUserNotFound hook.
  • iss: the issuer for the token must match the value of TALK_JWT_ISSUER
  • aud: the audience for the token must match the value of TALK_JWT_AUDIENCE