SSO Object should contain an Authorization Code. | Voters

SSO Object should contain an Authorization Code.

Donald Moore

Without an Authorization Code, the current SSO Object does not work as a method of Authenticating the User and generating a Session using OAuth 2.0 with PKCE.
My proposal:
{
  "userId": "voyt7xXYSNmCizMl0CPe",
  "companyId": "STsoOZWCeRcFajyk6gL4",
  "role": "admin",
  "type": "account",
  "activeLocation": "WQZjWNMM1muqdOrhPcO3",
  "planId": "658e549b3afeab64858ccad6",
  "code": "[pkce-authorization-code]"
}
The developer should be able to pass the code as a search param to the Redirect URL to log the user in and create the session. This solves a number of different problems, from having to build a separate UI to introduce features that already exist in GHL to managing sessions between multiple locations, multiple users, and even multiple companies.
There's no way to sign the user in without an Authorization Code.
Reference:
https://next-auth.js.org/configuration/providers/oauth
https://blog.postman.com/pkce-oauth-how-to/
https://aaronparecki.com/oauth-2-simplified/

February 13, 2024