Better support for SSO/OAuth login with Nango about nango HOT 3 CLOSED

This sounds very interesting at a high level. The client would still need to know how to manage the user. For example, Firebase Authentication works in a similar way. Once the login is completed, Firebase sends an access token, which then needs to be verified on your server to ensure it was generated by Firebase. This verification is necessary because the authentication flow is initiated in the front end.

In the case of Nango, it seems that the front-end client will call Nango for authorization, providing only the desired provider for SSO. Nango will handle the authorization process and retrieve user information from the selected provider. Afterwards, Nango will generate a JWT token containing the user's sub, audience, email, and name, based on the user info. This JWT token can be added to a redirect URL provided by the client.

When the client logs a user in, they will need to call back to Nango to verify that the token was indeed created by Nango. During token verification, Nango will return the user's email and a connection ID (generated by Nango). In this case, Nango can use the email as the connection ID. All this will only be possible for providers that have user info endpoint.

I would like to know if this solution would be useful for the users, and I am happy to proceed with it. If needed, I can also provide a rough flow diagram for better visualization.

from nango.

I've seen several tickets regarding fragmented support for the OAuth2 spec, what are the current ones supported, and there are other flows that might be considered?

For now, it seems:

• implicit-flow seems to be missed
• OIDC (seems the case for calendly)
• any other?

from nango.

Moved to internal issue tracker

from nango.