How to authenticate an application user with SuperOffice legacy federated authentication

Some tooltip text!

• 1 minute to read

 • 1 minute to read

Before introducing OAuth 2.0, our web services used SuperOffice legacy federated authentication. This is no longer the preferred method.

Caution

This form of authentication is deprecated. SAML is legacy. You must use standard OAuth 2.0 user authentication.

Pre-requisites:

• You have received a unique client ID and secret
• You have whitelisted your redirect URL (GET or POST) with SuperOffice
• You have set up a web page at your redirect URL
• The application user has a valid username and password

Steps:

1. Forward users to the SuperOffice online sign-in page to authenticate.

   http://{env}.superoffice.com/login/?app_id=YOUR-APP-ID

2. Receive the authentication token when the sign-in page redirects the user back to your application. The HTTP response contains a form in the body:

   <form action="redirecturl" method="post">
     <input type="hidden" name="key" value="<value>" />
   </form>
   

   The hidden input type has name set to SAML or JWT. The value is set to the security token of the corresponding type.

3. Validate the authentication token. This is required each time a token is received to ensure that no attacks happened between sending the authentication request and receiving the authentication response.