Easy · Authentication · 📖 Theory Question

What is SSO (Single Sign-On) and how is it implemented on the frontend?

💡 Hint

One login grants access to multiple apps — implemented via a shared identity provider using SAML or OIDC/OAuth 2.0 redirects

Full Answer

SSO lets a user log in once to an identity provider (IdP) and gain access to multiple service providers (SPs) without logging in again.

Common protocols:

  • SAML 2.0 — XML-based, the enterprise standard (Okta, Microsoft AD FS). Browser-redirect flow: the IdP posts a signed XML assertion back to the SP's assertion consumer endpoint, which validates the XML signature server-side. Rarely implemented directly by frontend engineers.
  • OpenID Connect (OIDC) — an identity layer on top of OAuth 2.0; returns a signed JWT ID token alongside the access token. The modern standard for SPAs and mobile apps.

Frontend OIDC flow (Authorization Code + PKCE, the flow for public clients that cannot keep a client secret):

  1. User clicks "Login" → app generates a random code_verifier (and its SHA-256 code_challenge), a random state and a nonce, stores them, and redirects to the IdP's /authorize endpoint with response_type=code, code_challenge, code_challenge_method=S256, state and nonce.
  2. IdP authenticates the user and redirects back to the registered redirect_uri with an authorization code and the state. The app rejects the callback if state does not match what it stored (CSRF / callback replay protection).
  3. App POSTs the code and the original code_verifier to the token endpoint (no client secret); the IdP recomputes the challenge and returns ID + access tokens (and optionally a refresh token). The app verifies the ID token's signature against the IdP's JWKS and checks iss, aud (its client_id), exp and nonce before trusting any claim in it.
  4. App stores tokens in memory (not localStorage, which any XSS payload can read) and sends the access token in an Authorization: Bearer header on API calls. If a backend-for-frontend exists, it should hold the tokens and give the browser only an HttpOnly, Secure, SameSite session cookie; a SPA cannot set an HttpOnly cookie itself.

Session sharing across apps: the IdP, not the individual app, holds the SSO session (usually in its own cookie on the IdP's domain). When app B redirects the user to the IdP's /authorize endpoint, the IdP sees its existing session cookie and immediately redirects back with a fresh authorization code for app B, without showing a login form. An app can also probe for that session silently with prompt=none, which returns an error instead of a login page if no session exists. Because the shared session lives at the IdP, logging out of one app does not end it; ending the SSO session requires the IdP's own logout endpoint.
