Authentication Flow Implementation
This page explains the implementation methods for authentication flow in the API server version, using the sample application's authentication features as examples.
For comparisons of implementation approaches and overall process flows, please refer to the Sample Application Overview.
Frontend Implementation
Post-Authentication Redirect Screen (Callback)
When you log in from the login screen generated by the SaaSus Platform, the URL configured as the post-authentication redirect is called.
To perform a test run using this implementation sample, set it to http://localhost:3000/callback.

At the post-authentication redirect, a temporary code necessary for obtaining authentication information is passed in the query parameter (code=xxxxx). Implement the process to obtain JWT using this temporary code and save it in local storage.
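The callback step described above, as an added example that is not code from the sample application: it reads the temporary code from the redirect URL, exchanges it for a JWT through the backend's JWT Retrieval API, and saves the token in local storage. The route GET /credentials?code=... follows the C# route on this page; the response field name id_token, the storage key SaaSusIdToken, and the injected fetch and storage objects (so the functions can run outside a browser) are assumptions.

```javascript
// Added example, not the sample application's own code.
// Assumed backend route: GET /credentials?code=<code> -> {"id_token": "<jwt>"}.

// Pull the temporary code out of the redirect URL (e.g. .../callback?code=xxxxx).
function extractAuthCode(callbackUrl) {
  const code = new URL(callbackUrl).searchParams.get("code");
  if (!code || code.trim() === "") {
    throw new Error("callback URL has no code parameter");
  }
  return code;
}

// Exchange the temporary code for a JWT via the backend and persist it.
// fetchImpl and storage are injected so the function is testable without a browser.
async function handleCallback(callbackUrl, fetchImpl, storage, backendBase = "") {
  const code = extractAuthCode(callbackUrl);
  const res = await fetchImpl(`${backendBase}/credentials?code=${encodeURIComponent(code)}`);
  if (!res.ok) {
    throw new Error(`credentials request failed with status ${res.status}`);
  }
  const body = await res.json();
  // Refuse to store anything that does not look like a token (assumed field name).
  if (typeof body.id_token !== "string" || body.id_token.length === 0) {
    throw new Error("credentials response did not contain id_token");
  }
  storage.setItem("SaaSusIdToken", body.id_token); // assumed storage key
  return body.id_token;
}

// Browser entry point: uses the real fetch and localStorage, then leaves the callback page.
if (typeof window !== "undefined" && typeof localStorage !== "undefined") {
  handleCallback(window.location.href, fetch, localStorage)
    .then(() => { window.location.assign("/"); })
    .catch((err) => console.error(err));
}
```

The temporary code is single-use and short-lived, so it is only ever sent to the backend; the JWT that comes back is what the frontend keeps and attaches to later API calls.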
Post-Authentication Screen Navigation Logic
The sample application checks user information after JWT acquisition and navigates to the appropriate screen using the following logic:
- User not belonging to any tenant: Navigate to the self-signup screen
- User belonging to multiple tenants: Navigate to the tenant list screen
- User belonging to a single tenant: Navigate to the user list screen (main screen)
This navigation logic ensures that users are directed to the most appropriate screen based on their current status.
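The navigation logic above, as an added example that is not the sample application's code: it fetches user information with the stored JWT (a missing or rejected token means the user is not logged in, which is the same check the self-signup screen performs) and picks a screen from the number of tenants in the response. The route paths, the Authorization: Bearer header, the storage key SaaSusIdToken and the fetch/storage/navigate injection are assumptions; the page fixes only the GET /userinfo route and that tenants is an array.

```javascript
// Added example, not the sample application's own code.
const ROUTES = { selfSignup: "/self_signup", tenantList: "/tenants", userList: "/users" }; // assumed paths

// Decide the post-login screen from the tenants array of the user-info response.
function decideNextRoute(userInfo) {
  if (!userInfo || !Array.isArray(userInfo.tenants)) {
    throw new Error("user info is missing the tenants array");
  }
  const count = userInfo.tenants.length;
  if (count === 0) return ROUTES.selfSignup; // first login: not linked to any tenant yet
  if (count > 1) return ROUTES.tenantList;   // user must choose a tenant
  return ROUTES.userList;                    // exactly one tenant: main screen
}

// Retrieve user info with the stored JWT; null means "not logged in".
async function fetchUserInfo(fetchImpl, storage, backendBase = "") {
  const jwt = storage.getItem("SaaSusIdToken"); // assumed storage key
  if (!jwt) return null;
  const res = await fetchImpl(`${backendBase}/userinfo`, {
    headers: { Authorization: `Bearer ${jwt}` }, // assumed header scheme
  });
  if (!res.ok) return null;
  return res.json();
}

// Full step: verify login, then navigate. Returns the chosen route for inspection.
async function navigateAfterLogin(fetchImpl, storage, navigate) {
  const info = await fetchUserInfo(fetchImpl, storage);
  if (info === null) {
    navigate("/login"); // assumed path back to the SaaSus login screen
    return "/login";
  }
  const route = decideNextRoute(info);
  navigate(route);
  return route;
}
```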
Self-Signup Screen
This screen must confirm that the user is logged in, so call the API that retrieves user information and verify that it succeeds.
Use the JWT stored in local storage for the API call.
If user information can be obtained, the user is confirmed to be logged in.
The process for self-signup should be implemented according to whether self-signup is used or not.
If self-signup is not used, the screen for self-signup is not needed.
If self-signup is used, the process for self-signup will only be executed during the first login.
Whether it is the first login can be determined by whether the logging-in user is linked to a tenant.
User List Screen (Homepage)
The user list screen displays information about authenticated users and all users within the tenant. This screen serves as the central hub for user management.
Backend Implementation
JWT Retrieval API
The following links contain implementations of this API. Search for the function name or route definition to locate the relevant code.
- Go (Echo): getCredentials
- Python (FastAPI): get_credentials
- Java (Spring): getCredentials
- C# (.NET 8): app.MapGet("/credentials"
- C# (.NET Framework 4.8): GetCredentials
User Information Retrieval API
The following links contain implementations of this API. Search for the function name or route definition to locate the relevant code.
- Go (Echo): getMe
- Python (FastAPI): get_user_info
- Java (Spring): getMe
- C# (.NET 8): app.MapGet("/userinfo"
- C# (.NET Framework 4.8): GetUserInfo
This API internally calls the SaaSus API's Get User Info. For detailed information on how to utilize the response data, please refer to SaaSus API userInfo Response Data.
Self-Signup API
The following links contain implementations of this API. Search for the function name or route definition to locate the relevant code.
- Go (Echo): selfSignup
- Python (FastAPI): self_signup
- Java (Spring): selfSignUp
- C# (.NET 8): app.MapPost("/self_sign_up"
- C# (.NET Framework 4.8): SelfSignUp
To confirm that the API request comes from a user who has logged into the SaaSus Platform, always verify the login by retrieving the user information before doing anything else.
The self-signup process is as follows:
Prerequisite: The user who self-signs up becomes the administrator of the new tenant
a. Tenant creation
b. Link the logged-in user to the created tenant
c. Set the logged-in user as the admin of the tenant
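The self-signup procedure above (verify login, then a, b, c), as an added example that is not the sample application's backend code and is not written in one of the languages listed on this page. The saasusClient object and its methods getUserInfo, createTenant, linkUserToTenant and setTenantAdmin are placeholders for whatever the SaaSus SDK actually exposes; the admin role name and the HTTP-style result objects are also assumptions. The check that the user is not yet linked to a tenant enforces the "first login only" rule stated earlier on this page.

```javascript
// Added example, not the sample application's own backend code.
const ADMIN_ROLE = "admin"; // assumed role name

// Verify the login by retrieving user information with the caller's JWT.
// Any failure to obtain user info is treated as "not logged in".
async function verifyLogin(saasusClient, jwt) {
  if (typeof jwt !== "string" || jwt.length === 0) return null;
  try {
    return await saasusClient.getUserInfo(jwt); // placeholder SDK call
  } catch (err) {
    return null;
  }
}

// Self-signup: the logged-in user becomes the administrator of a new tenant.
async function selfSignup(saasusClient, jwt, tenantName) {
  const user = await verifyLogin(saasusClient, jwt);
  if (user === null) {
    return { status: 401, body: { error: "not logged in" } };
  }
  // Self-signup runs only on first login, i.e. while the user has no tenant yet.
  if (Array.isArray(user.tenants) && user.tenants.length > 0) {
    return { status: 409, body: { error: "user already belongs to a tenant" } };
  }
  // a. Tenant creation
  const tenant = await saasusClient.createTenant({ name: tenantName });
  // b. Link the logged-in user to the created tenant
  await saasusClient.linkUserToTenant(user.id, tenant.id);
  // c. Set the logged-in user as the admin of the tenant
  await saasusClient.setTenantAdmin(user.id, tenant.id, ADMIN_ROLE);
  return { status: 200, body: { tenant_id: tenant.id } };
}
```

The tenant name comes from the request body, but the user identity never does: it is taken from the user information returned for the presented JWT, so a client cannot sign up on behalf of somebody else.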
User List Retrieval API
The following links contain implementations of this API. Search for the function name or route definition to locate the relevant code.
- Go (Echo): getUsers
- Python (FastAPI): get_tenant_users
- Java (Spring): getUsers
- C# (.NET 8): app.MapGet("/users"
- C# (.NET Framework 4.8): GetUsers
Here too, always verify the login by retrieving the user information, to confirm that the API request originates from a user who is logged into the SaaSus Platform.
SaaSus API userInfo Response Data
The Get User Info API response includes tenant information (tenants), environment information (envs), and role information (roles) as arrays. Understanding how to process this information is essential for implementing the navigation logic and access control in your SaaS application.
- tenants array: If your SaaS design fixes one tenant per user, always use tenants[0]. If a user can belong to multiple tenants, you must decide which tenant to use. Example: users linked to multiple tenants see a tenant selection screen after logging in and choose a tenant there.
- envs array: id (name): 1 (dev), 2 (stg), 3 (prod). dev, stg and prod do not refer to your SaaS's own environments; they are the SaaSus Platform's internal environment settings. Example: when users of your SaaS's production environment use the sandbox functionality with test users, they use 1 (dev) or 2 (stg). Normally, 3 (prod) is used.
- roles array: If your SaaS design fixes one role per user, always use roles[0]. If a user can have multiple roles, the implementation must check all roles. Example: in a design where a user can hold both general-user and administrator permissions, the implementation must reference all roles when displaying an admin screen that only administrators can see.
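Processing the three arrays above, as an added example that is not the sample application's code: tenant resolution that uses tenants[0] only when there is a single tenant, a role check that inspects every entry (shown next to the roles[0]-only version that misses the admin role), and the env id selection. The page fixes only the env ids 1, 2 and 3; the field names id on tenants and envs, role_name on roles, the role name "admin", and the flat (non-nested) layout of the arrays are assumptions.

```javascript
// Added example, not the sample application's own code.
const ENV_IDS = { dev: 1, stg: 2, prod: 3 }; // ids as stated on the page; names assumed as keys

// Pick the tenant to operate on. With one tenant, tenants[0] is fixed; with
// several, the id chosen on the tenant selection screen is required.
function resolveTenant(userInfo, selectedTenantId = null) {
  const tenants = Array.isArray(userInfo.tenants) ? userInfo.tenants : [];
  if (tenants.length === 0) return null;            // not linked yet (self-signup case)
  if (tenants.length === 1) return tenants[0];
  const chosen = tenants.find((t) => t.id === selectedTenantId);
  if (!chosen) {
    throw new Error("user belongs to multiple tenants; a tenant selection is required");
  }
  return chosen;
}

// Correct check: look at every role the user holds.
function hasRole(userInfo, roleName) {
  const roles = Array.isArray(userInfo.roles) ? userInfo.roles : [];
  return roles.some((r) => r.role_name === roleName); // assumed field name
}

// The roles[0]-only check, kept here only to show what it misses for multi-role users.
function hasRoleFirstOnly(userInfo, roleName) {
  const roles = Array.isArray(userInfo.roles) ? userInfo.roles : [];
  return roles.length > 0 && roles[0].role_name === roleName;
}

// Admin screens must be gated on all roles, never on the first one.
function canViewAdminScreen(userInfo) {
  return hasRole(userInfo, "admin"); // assumed role name
}

// Env id to use: normally 3 (prod); sandbox test users run under 1 (dev) or 2 (stg).
function selectEnvId(sandboxTestUser, sandboxEnv = "dev") {
  return sandboxTestUser ? ENV_IDS[sandboxEnv] : ENV_IDS.prod;
}

// Confirm the chosen env is actually present in the user's envs array.
function userHasEnv(userInfo, envId) {
  const envs = Array.isArray(userInfo.envs) ? userInfo.envs : [];
  return envs.some((e) => e.id === envId);
}
```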