Back to Flow Platform

Link-Out Authentication

In order to integrate with Link-Out, a password-less authentication can be configured for their users that exist on the Flow system, created from a content feed.

The process is based on creating a unique link URL for each product or “Boost” location on the platform, where the user will be redirected to the Flow authentication endpoint and then to the Flow environment seamlessly. The partner may choose to pre-seed these URLs on page load, or dynamically create them whenever the link-out Call-To-Action is clicked by the user.

The unique URL will contain the following structure: {{Base URL}}&{{Querystring Parameters}}

This base URL will be: https://app.flowliving.com/login/link-out?mode=linkOut

Step by Step SSO Guide

  1. Gather Authentication Information from Flow & Base URL set-up

Base URL for Link-Out: The URL that users will be redirected to when accessing Flow. For production, this URL structure is typically: {{Base URL}}&{{Querystring Parameters}}

Parameter
Description

clientID

Pre-agreed client ID that will identify the integration partner

apiKey

Pre-shared API Key linked to the clientId

token

Unique JWT token generated by the partner’s system for that specific agent/user and property

Organisation must ensure they store the clientID and apiKey combination securely on their platform

  1. Create the JWT Token Generation Service

  • You’ll need to set up a service on your system to generate JWT tokens for each user session. Follow the guidelines for creating the JWT depending on whether you use Link-Out Basic or Advanced

  • Signing: Sign the JWT with the HS256 algorithm, using the apiKey provided by Flow as the secret key.

  1. Construct the Link-Out URL with Query Parameters

Once you’ve generated the JWT, build the Link-Out URL by appending the required query parameters:

-- Link-Out Query Structure --
https://app.flowliving.com/login/link-out?mode=linkOut&clientId=YourClientID&apiKey=YourApiKey&token=YourJWTToken

  1. Test the Link-Out URL

  • Generate a Sample JWT: Using your JWT generation service, create a test JWT with sample user and campaign data.

  • Access the Link-Out URL: Open the constructed URL in a web browser or test environment. Ensure that:

    • Users are redirected to Flow without requiring additional login credentials.

    • The campaign or action specified in the route is pre-populated with the provided information (e.g., agent details, property ID).

Troubleshooting: Common issues may include:

  • Incorrect clientId or apiKey: Double-check these values to match what Flow provided.

  • Invalid JWT token format or signature: Ensure the token uses the correct HS256 signing and that the payload is properly structured.

  1. Secure and Automate the JWT Generation Process

  • Store Keys Securely: Ensure that the clientId and apiKey are stored securely in your system, with restricted access.

  • Automate URL Creation: Configure your platform to dynamically generate Link-Out URLs with JWT tokens each time a user clicks a link to Flow. This setup can be triggered by user actions or scheduled processes.

  • Expire Tokens if Needed: Optionally, set an expiration (exp) in the JWT payload to limit the token’s validity period, adding another layer of security.

  1. Go Live and Monitor Access

  • Once testing is complete, go live with the Link-Out integration. Monitor user access to ensure that tokens are correctly generated, URLs are functioning, and users are accessing Flow as expected.

  • Support: Work with Flow support for ongoing assistance and monitoring to troubleshoot any issues related to SSO.

PreviousLink-Out Set-Up StepsNextLink-Out Advanced: For clients with a feed configured

Last updated