Single Sign-On

The platform API uses OAuth 1.0 with long-lived tokens generated at the time of User account creation. There are clients available for a variety of languages that can be used as libraries or reference examples. In order to authenticate to CodeGuard using OAuth, the required attributes below must be included as URL parameters.

OAuth Attributes

  • oauth_consumer_key
  • oauth_signature
  • oauth_nonce
  • oauth_timestamp
  • oauth_token
  • oauth_signature_method

To facilitate easy single sign-on for customers from a partner dashboard, you can generate the same OAuth signed requests that are used for other programmatic API requests. When used in a browser with application/html request headers instead of application/json for API calls, a user session is created and the customer is signed in.

The most common way partners implement single sign-on is to generate a signed URL when loading the customer dashboard (or a similar page) and add the signed link as the target of a button or link with a "Login to Sectigo Web Security Platform" call to action.

As an example, using the OAuth Simple Library, you can generate a signed URL with:

    // Single sign-on link: the platform host followed by the signed /websites request.
    public function getSSOURL() {
        return $this->user_host_api . $this->getURL("/websites", "GET", "");
    }

    public function getURL($api_url, $method, $params) {
        return $this->_getSignedURL($api_url, $method, $params);
    }

    // Signs the request with the user's API key/secret and access token/secret.
    private function _getSignedURL($uri, $method, $params) {
        $oauth = new \OAuthSimple($this->getUserApiKey(), $this->getUserApiSecret());
        $oauth_response = $oauth->sign(array(
            'path' => $uri,
            'signatures' => array(
                'access_token' => $this->getUserAccessToken(),
                'access_secret' => $this->getUserAccessSecret(),
            ),
            'action' => $method,
            'parameters' => $params
        ));
        // The signed URL carries the oauth_* attributes as query parameters.
        return $oauth_response['signed_url'];
    }

In this case, user_host_api is https://platform.sectigo.com and the getUser* calls return the user’s unique OAuth credentials, which we return on Create User.

Using the resulting signed URL and linking to it in the browser will allow the customers to log in with.
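For partners not using PHP, the following added example (not part of the original documentation or the OAuth Simple Library) builds the six OAuth attributes listed above by hand and recomputes the signature to check it. It assumes HMAC-SHA1 as the oauth_signature_method and signs the full URL as RFC 5849 describes; the function names and credential values are constructed for illustration.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import parse_qsl, quote, urlsplit

def _enc(value):
    # RFC 5849 percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")

def _signature(method, url, params, consumer_secret, token_secret):
    # Base string = METHOD & encoded URL & encoded, sorted parameter list.
    pairs = sorted((_enc(k), _enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), _enc(url), _enc(normalized)])
    # The two secrets form the HMAC key; they are never sent in the URL.
    key = f"{_enc(consumer_secret)}&{_enc(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def sign_url(method, url, creds, nonce=None, timestamp=None):
    params = {
        "oauth_consumer_key": creds["api_key"],
        "oauth_token": creds["access_token"],
        "oauth_signature_method": "HMAC-SHA1",  # assumption, see lead-in
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_timestamp": str(timestamp or int(time.time())),
    }
    params["oauth_signature"] = _signature(
        method, url, params, creds["api_secret"], creds["access_secret"])
    return url + "?" + "&".join(f"{_enc(k)}={_enc(v)}" for k, v in params.items())

def oauth_params(signed_url):
    # Query parameters of a signed URL, percent-decoded.
    return dict(parse_qsl(urlsplit(signed_url).query))

def verify_url(method, signed_url, creds):
    # Recompute the signature as an RFC 5849 verifier would.
    parts = urlsplit(signed_url)
    params = oauth_params(signed_url)
    presented = params.pop("oauth_signature", "")
    url = f"{parts.scheme}://{parts.netloc}{parts.path}"
    expected = _signature(method, url, params,
                          creds["api_secret"], creds["access_secret"])
    return hmac.compare_digest(presented, expected)

# Constructed sample credentials, not real values.
SAMPLE_CREDS = {"api_key": "sample-consumer-key", "api_secret": "sample-consumer-secret",
                "access_token": "sample-access-token", "access_secret": "sample-access-secret"}
SSO_URL = sign_url("GET", "https://platform.sectigo.com/websites", SAMPLE_CREDS)
```

The signed URL carries only the key, the token and the signature; changing the path or the HTTP method after signing makes verification fail.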