Introduction to WizNote SSO

11/18/2019

The WizNote private server supports SSO. Integration is simple: add a link in your OA, and users can open WizNote through that link instead of entering an account and password.

Enable SSO Feature

Sign in to WizNote with your admin account, click the avatar, choose System Settings, and enable the SSO feature under OAuth.

Two input fields will appear, labeled clientId and clientSecret.

Notice: You must keep the clientSecret safe. Use it only on your private server, never leak it, and never put it in any client or browser.

You can also choose whether automatic account creation is allowed. If it is not allowed, users must first create a WizNote account with their email. If it is allowed, WizNote creates an account when the user clicks the SSO link.

By allowing automatic account creation and disabling sign-up at the same time, you prevent users from creating accounts casually and require them to sign in via your OA.

Get the Access Token

This is a Node.js example:


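const axios = require('axios');

const API_URL = 'http://192.168.1.100'; // Server address of WizNote

// TODO: replace with your server settings
const OAUTH_SETTINGS = {
  clientId: 'xxx',
  clientSecret: 'xxx',
};

// Exchange clientId/clientSecret for an access token (run on the server only).
async function getAccessToken() {
  const {clientId, clientSecret} = OAUTH_SETTINGS;
  // URL-encode the values so special characters cannot break the query string
  const url = `${API_URL}/as/oauth/token?clientId=${encodeURIComponent(clientId)}&clientSecret=${encodeURIComponent(clientSecret)}`;
  const response = await axios.get(url);
  const {data} = response;
  if (!data || data.returnCode != 200) {
    // Log only the return code: the full response object includes the request URL with clientSecret
    console.error('token request failed, returnCode:', data && data.returnCode);
    throw new Error('failed to get token');
  }
  return data.result.accessToken;
}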

Get the sign-in URL

The user can sign in to WizNote immediately via this URL, which is obtained using the userId (email).

If the account does not exist and automatic account creation is allowed, WizNote creates a new account from the current user's email, then leads the user to the WizNote website.

If automatic account creation is not allowed, an error is reported.


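// Get the sign-in URL for a user the OA has already authenticated.
async function getLoginUrl(userId) {
  const accessToken = await getAccessToken();
  // URL-encode both values: an email may contain '+' or '&', which would otherwise alter the query
  const url = `${API_URL}/as/oauth/service/login_url?accessToken=${encodeURIComponent(accessToken)}&userId=${encodeURIComponent(userId)}`;
  const response = await axios.get(url);
  const {data} = response;
  if (!data || data.returnCode != 200) {
    // Log only the return code: the full response object includes the request URL with accessToken
    console.error('login_url request failed, returnCode:', data && data.returnCode);
    throw new Error('failed to get login url');
  }
  const loginUrl = data.result;
  return loginUrl;
}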

Notice

The OA must verify the user's identity before generating the sign-in URL. If it does not, the data is exposed to malicious access.

After getting the sign-in URL, pass it to the web page. The user can open the WizNote web application by clicking the link.

If the clientSecret is leaked unintentionally, you can reset it in Settings.
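
The identity check required by the notice above, sketched as an added example (not code from WizNote or from this page's demo): the OA endpoint takes the userId from its own server-side session and never from request parameters. The cookie name, the session store shape and all function names are assumptions; getLoginUrl is the function shown earlier, passed in as an argument.

```javascript
// Added example; SESSION_COOKIE, parseCookies, resolveSsoUser, ssoRedirect and
// demoSessions are hypothetical names, not part of WizNote.
const SESSION_COOKIE = 'oa_session'; // assumed name of the OA's session cookie

// Parse a Cookie header into a name -> value map.
function parseCookies(header = '') {
  const out = Object.create(null);
  for (const part of header.split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Return the email of the user the OA has authenticated, or null.
// Identity comes only from the server-side session store; req.url is never read,
// so a caller-supplied ?userId=... cannot choose whose account is opened.
function resolveSsoUser(req, sessions, now = Date.now()) {
  const sid = parseCookies(req.headers.cookie)[SESSION_COOKIE];
  const session = sid ? sessions.get(sid) : undefined;
  if (!session || session.expiresAt <= now) return null;
  return session.email;
}

// Endpoint logic: 401 without a valid OA session, otherwise redirect to the
// sign-in URL. The URL signs the user in, so it is marked as not cacheable.
async function ssoRedirect(req, sessions, getLoginUrl) {
  const email = resolveSsoUser(req, sessions);
  if (!email) return { status: 401, headers: {}, body: 'sign in to the OA first' };
  const loginUrl = await getLoginUrl(email);
  return { status: 302, headers: { Location: loginUrl, 'Cache-Control': 'no-store' }, body: '' };
}

// Constructed sample data: one live and one expired OA session.
const demoSessions = new Map([
  ['s-live', { email: 'alice@example.com', expiresAt: Date.now() + 60000 }],
  ['s-old', { email: 'bob@example.com', expiresAt: Date.now() - 1 }],
]);
```

The return value of ssoRedirect maps directly onto the status, headers and body of whatever HTTP framework the OA uses.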

Required Version

WizNote server ver 1.0.7

Example

This is a Node.js example that includes a server and a demo webpage.

Download