Fixiam Button Component Integration Guide
This guide provides a comprehensive walkthrough for integrating Fixiam with your application to enable user authentication via OpenID Connect (OIDC). The steps cover login, retrieving an access token, and verifying the token for secure API calls.
1. Prerequisites
Ensure you have the following ready:
- Unique Application or Client ID: e.g., custom-app-name.
- Fixiam Authentication URI: The URL where users will be redirected after authentication, e.g., https://org-name.iam.seamfix.com/realms/seamfix-pilot/protocol/openid-connect/auth?client_id=custom-app-name&response_type=token&redirect_uri=https://custom-app-name.com/login
- Redirect URI: The URL where users will be redirected after authentication, e.g., https://custom-app-name.seamfix.com/login.
- Server Environment For backend token verification: Nodejs has been used for this guide.
Fixiam Configuration
- Login to Fixiam here
- Click on Applications > Apps > Add New Application > Custom Application > Configure SSO using OIDC/OAuth
- Fill in the forms with the relevant information including your Redirect URL and click on Next.
- On the Attribute Mapping tab, click on Add Attribute and enter a name and value. E.g email/Email. Please note that this will be returned in the access token if authentication is successful and should correspond to your application user's unique identifier.
2. Fixiam Login Button Integration
HTML Code Example
Embed the following HTML snippet in your application to create a login button:
<a href="{{iamAuthenticationUrl}}">
<button style="font-weight: normal !important; padding: 16px 16px !important; background-color: #38c25b !important; color: white !important; border: none; cursor: pointer;">Login with Fixiam
</button></a>
Notes
- Replace the client_id and redirect_uri in the iamAuthenticationUrl with your application's specific values.
- Upon successful login, the user is redirected to the specified redirect_uri with an access token in the URL fragment: https://your-redirect-uri?access_token=eyJhbGc...
3. Access Token Usage
Token Format
The access token is a JWT (JSON Web Token). It contains encoded information about the user and is used to authenticate API calls.
Example Token Fragment
?access_token=eyJhbGc...
Token Breakdown
Use https://jwt.io to inspect the token structure. The token should include the user email. If not, login to Fixiam and update the attribute mapping to include the user email.
4. Token Verification
Why Verify?
Token verification ensures that:
- The token is issued by a trusted authority.
- The token has not been tampered with.
Verification Steps in Node.js
Add the following Node.js code to your backend service to verify tokens:
const jwt = require('jsonwebtoken');
const jwksClient = require('jwks-rsa');
const client = jwksClient({
jwksUri:'https://organization-name.iam.seamfix.com/realms/organization-name/protocol/openid-connect/certs'
});
function getKey(header, callback) {
client.getSigningKey(header.kid, (err, key) => {
if (err) return callback(err);
const signingKey = key.publicKey || key.rsaPublicKey;
callback(null, signingKey);
});
}
const token = '<access_token_here>'; // Replace with the actual token from the user
const options = { algorithms: ['RS256'] }; // Specify the expected algorithm
jwt.verify(token, getKey, options, (err, decoded) => {
if (err) {
console.error('Token verification failed:', err);
} else {
console.log('Token decoded:', decoded);
}
});Key Points and Next Steps
-
https://organization-name.iam.seamfix.com/realms/organization-name/protocol/openid-connect/cert provides the public keys for token verification.JWK URI: -
The token is signed with RS256. Ensure this algorithm is specified in the verification options.Algorithm: -
Upon successful verification, your application can then process to generate the regular JWT it uses for authentication.Application Authentication:
Updated about 2 months ago