SSO Setup

If the SSO feature is activated on your account, ReachFive will manage the end-user’s cookie session.

When a user logs in, a session cookie is created on your ReachFive domain (youraccount.reach5.net). This allows the user to not having to log in again on a later visit, or when accessing another website linked to the same ReachFive account.

On your website, the state of the session must be checked before displaying the login UI. If a session is active, the user must be directly authenticated and the login UI bypassed.

With ReachFive’s authentication widget

If you are using our authentication widget, this process is implemented transparently:

// If a session is active, the widget will not be displayed, and the
// authentication process will be triggered with the specified auth parameters.
reach5('showAuth', {
  container: document.body,
  auth: {
    redirectUri: 'https://mydomain.com/login/callback'
  }
});

With a custom UI

If you are using a custom UI, you must explicitly check the session state (with getSessionInfo command) before displaying the UI.

If a session is active, you can use the loginFromSession command to authenticate the user.

var authOptions = {
    redirectUri: 'https://mydomain.com/login/callback'
};

reach5('getSessionInfo', function (err, session) {
    if (session.isAuthenticated) {
        // If a session is active, trigger the authentication process
        reach5('loginFromSession', authOptions, function (err) {
          console.error(err);
          document.getElementById("login-form").style.display = 'block';
        })
    } else {
      // If not, display the login form
      document.getElementById("login-form").style.display = 'block';
    }
});

Silent authentication

If you want to authenticate users on your your website’s public pages without triggering a browser redirect, you can use Silent Authentication.

It allows to retrieve an id token and an access token directly, without a redirect (the authentication process happens in a hidden iframe).

reach5('checkSession',
    {
      nonce: 'abcd' // The nonce links the retrieved id token with the local session
    },
    function (err, authResult) {
      if (err) {
        if (err.error === 'login_required') {
          // No active session
        } else {
          // Unexpected error
          console.error(err)
        }
      } else {
        // Authenticate the current user locally
      }
    }
);