Authorization Forwarding Information – Red e App Support

RedeApp offers third-party applications the opportunity to establish authentication forwarding for mutual customers via App Hub.

With auth forwarding established, customers will have the ability to add an AppLink to their RedeApp network housing a URL that will send the user to the third-party site along with the user’s authentication information in the form of a signed JSON web token to confirm the user’s identity.

Responsibilities and Process for Auth Forwarding

Customer:
- The customer will use a custom URL provided by third-party and turn on ‘Auth Forwarding’ when setting up the AppLink
RedeApp:
- When a user taps the AppLink, RedeApp will generate the user’s JWT and append it to the third-party URL query string.
  - The JWT will contain the user’s:
    - Network_id (unique identifier for each customer network)
    - Employee_key (unique identifier within each customer network)
    - Account_id (unique identifier within the RedeApp platform)
    - Username
    - Email address
Third-party:
- Third-party will decode the JWT to confirm the user’s employee_key.
- Verify the JWT signature using our Public Key (see below).
- Then, authenticate the user into the system with the associated account.

Example

In the network’s AppHub, publish an AppLink like this:
- https://__your_site.com
And that redirects to:
- https://__your_site.com?redeapp_jwt=eyJ0…
When the third-party backend (__your_site.com) decodes the redeapp_jwt, they can identify the user with the employee_key (red e key) within the JWT payload.

Our public key

Third parties should use our public key to verify the JWT (algorithm is RS256).

If a customer is interested in going further with REA integrations, please see our Public API Readme.

Responsibilities and Process for Auth Forwarding

Example

Our public key

Related articles