Owner: @Mingjie Jiang
<aside>
⚠️
This version of Recess SSO will be slowly phased out over the next 2 months. Please read Recess SSO v2: API Changes Preview to understand upcoming changes, and reach out to us to be notified when the new version is ready.
</aside>
Principles
- We are not OAuth yet, but we try to offer a similarly shaped API for ease of integration.
- Client applications have no additional access to Recess user data beyond what’s provided in the token. Applications are responsible for maintaining their own user database.
- Minimal! Integration! Time!
Quick Start
- 1. Register your application (manual) (buzz Mingjie for this)
- 2. Issue your first token
- 3. Processing the token
Flow Diagram
https://embed.figma.com/board/B0DIVJVptYbarPmyecN2Av/Recess-SSO?node-id=0-1&embed-host=share
Possible Errors
- Your client_id and redirect_uri must match the URLs registered in our system exactly. If not, the user may get an error similar to this: Invalid client_id, and they will be stuck on Recess.
Cautions
You are responsible for:
- Validating the token against the JWT secret
- Storing the token on your user’s device while respecting the expiration time
- Maintaining your own database of user data
You are advised to: