We have two ways to automatically log members into PeerBoard. The first is for simple cases, when your PeerBoard lives outside of your website and you want to create signed links that automatically log members in (read more here). The second is for SDK setups, when your PeerBoard instance is embedded into your website. This guide explains how to do the latter.
Overview
When using our SDK, you can authenticate your users into PeerBoard so that they are already logged in and can start interacting with your community right away.
The general process of seamless authentication can be described in the following steps.
- On your backend, create the payload for the user you want to sign into PeerBoard. It should contain at least an email and the user identifier, which are used to keep the user in sync and to send notifications and digests.
- Encode and sign the payload with our API Auth Token. You can find it in your community Settings -> Hosting. We use the JWT standard to decode and validate the payload signature. You can pass additional user profile information such as name, bio, tagline, and role with the token to update the user on every login.
  💡 Note: You may use our API to do a complete synchronization later if needed.
- Upon initializing the board, we will read and validate the token on our backend, create or update the user, and create a secure session using HTTP-only cookies.
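The first two steps above, with the checks a verifier of such a token applies, as an added example (not PeerBoard's own code). It assumes HS256 signing and the hypothetical claim names `email`, `user_id` and `name`; take the exact payload shape from the JWT guide, and keep the API Auth Token on the backend only.

```javascript
// Added example: minimal HS256 JWT signer/verifier using only Node's crypto module.
const crypto = require("node:crypto");

const b64url = (input) => Buffer.from(input).toString("base64url");

// HMAC-SHA256 over "header.payload", keyed with the API Auth Token.
function hmac(signingInput, secret) {
  return crypto.createHmac("sha256", secret).update(signingInput).digest();
}

// Backend side: build and sign a short-lived login token for one user.
function signLoginToken(user, apiAuthToken, ttlSeconds = 300, now = Date.now()) {
  if (!user.email || !user.user_id) {
    throw new Error("email and user_id are required");
  }
  const iat = Math.floor(now / 1000);
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ ...user, iat, exp: iat + ttlSeconds }));
  const sig = hmac(`${header}.${payload}`, apiAuthToken).toString("base64url");
  return `${header}.${payload}.${sig}`;
}

// Illustrative verifier: pinned algorithm, constant-time signature check, expiry.
function verifyLoginToken(token, apiAuthToken, now = Date.now()) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [header, payload, sig] = parts;
  const { alg } = JSON.parse(Buffer.from(header, "base64url").toString());
  if (alg !== "HS256") throw new Error("unexpected alg"); // do not let the header choose
  const expected = hmac(`${header}.${payload}`, apiAuthToken);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }
  const claims = JSON.parse(Buffer.from(payload, "base64url").toString());
  if (claims.exp <= Math.floor(now / 1000)) throw new Error("token expired");
  return claims;
}

// Constructed sample values, not real credentials.
const SAMPLE_SECRET = "constructed-api-auth-token";
const SAMPLE_USER = { email: "alice@example.com", user_id: "u-1001", name: "Alice" };
```

In a real backend a maintained JWT library does the same work; the point here is that the token is signed server-side, expires quickly, and is rejected if any claim is altered.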
Implementation
- Set the external login URL to the login page of your application in Settings -> SSO, so that if we need to authenticate a user in the community we will redirect her to this page.
- Start generating JWT tokens as described in this detailed guide here.
- On your frontend, make a request for the token and pass it to the createForum function options.

    const jwtToken = await getPeerBoardTokenFromBackend();
    // If you have server-side rendering, you can pass the token directly with your page.
    createForum(boardId, containerHTMLElement, {
      // ...other options
      jwtToken: jwtToken,
    });

- If you'd like to log out a user instead of automatically logging in, you can pass a logout flag. We recommend always passing it when there's no session on your end, to properly log out everybody from PeerBoard too (we're going to implement a proper logout API at some point). To do so, simply replace jwtToken: jwtToken with the anon: true parameter (don't use both).
That's it. Don't forget to finish the checklist in our general manual.
We hope this helps and you have successfully managed to set it up. If you have any questions, please email us at integrations@peerboard.com. We are happy to help!