Skip to main content

How SSO Works for Marketplace Partners

Created on
Updated on
Nov 26, 2024

2 min read

Overview

If you’re integrating with marketplace and have your own portal that you’d like the customers that have activated your add-on to be able to access, this guide is for you. In this guide, we’ll go over the steps necessary for you to successfully allow QuickNode customers to log into your service.

When you create an SSO flow, you get the following pieces of information to log the customer in:

  1. Email
  2. Users name
  3. Organization name
  4. QuickNode ID

The flow at a high level looks something like this:

Generating a secret key and sharing it with QuickNode

We require that you generate a key no longer than 64 characters that you keep secure. You can generate a secure 64 key with python like this:

import secrets
priv = secrets.token_hex(32)

With this, you’ll drop the secret into the JWT Secret field on the add-on registration form:

We’ll use it to sign JWTs that we send over to the URL you provide us in the dashboard-url key in the provisioning or update responses. We have a full guide that explains provisioning, updating and de-provisioning your add-ons here.

Decoding the JWT and logging the customer in

Once a user has decided they’d like to go from QuickNode to your portal, they’ll click a link that says “Dashboard” that looks something like this (right side):

We’ll then use the JWT Secret you gave us to sign a JWT and forward the user to your service with the JWT in the URL like so:

https://auth.yoursite.com/access/jwt?jwt=eyJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE2NjM4MjAxNjMsImp0aSI6IjE2NjM4MjAxNjMvYmQ3MzAxZmFmZDhjMmU4ODAwZGEwMmU1MDY2OWQ5YjYxOGQzIiwibmFtZSI6Ikx1YSBCZWVlZSIsImVtYWlsIjoidGVzdEBxdWlrbm9kZS5pbyIsIm9yZ2FuaXphdGlvbl9uYW1lIjoiUXVpY2tOb2RlIiwicXVpY2tub2RlX2lkIjoiMGZmZTFhYmQxYTA4MjE1MzUzYzIzM2Q2ZTAwOTYxM2U5NWVlYzQyNTM4MzJhNzYxYWYyOGZmMzdhYzVhMTUwYyJ9.BLO4zzLmFxls-sb60qiy7PRn3ogkKgyBwmOv2ZahFdY

You can decode this JWT like so:

import jwt
info = jwt.decode(
encoded_jwt,
"secret-from-section-above",
algorithms=["HS256"]
)

After decoding and verifying the signature on the JWT, be sure to log the user into your service and redirect them to their specific portal. The exact keys that are sent over are name, email, organization_name, and quicknode_id.

🚨It’s very important to verify the JWT was signed with your private key.

That’s it! If you have any questions, don’t hesitate to reach out!

We <3 Feedback!

If you have any feedback or questions on this guide, let us know here! We’d love to hear from you!

Share this guide