JWT Single Sign On

Aiera supports a lightweight JWT based SSO.

‣

Aiera will provide customer with a shared secret for signing the JWT token. The JWT token should be signed using HS256 (HMAC-SHA256).

‣

The JWT token is expected to include these claims

Claim	Type	Description
sub	string	User ID in customer system
email	string	Email address / username of customer
exp	int	Expiration date of this token in seconds since epoch
jti	string	Unique ID of this JWT token
iat	int	Time in seconds since epoch representing when this token was created
first_name	string	Customers first name
last_name	string	Customers last name
tz	string	Customers time zone
org_id	string	Unique identifier for a sub-org to be used/created
org_name	string	Name of any sub-org

‣

Sample code for generating a JWT token (Python)

‣

Customer will generate the JWT token server side, and construct a login URL to login to Aiera.