Skip to main content
MindTouch Success Center

Create SSO authentication links in PHP (TCS)

Written by Kalid Azad
Solutions Architect at MindTouch
This page applies to:MindTouch TCS

This article explains how to create authentication links in PHP via our Custom SSO workflow. Although this sample uses PHP, authentication links can be easily generated in any modern programming language.

After completing this how-to, you will have authentication links that allow users to log into your MindTouch site. Once a user clicks the link, they will be logged-into the site (and an account created for them, if necessary). Users are optionally redirected to a page of your choosing, or the site homepage by default. 

First Step

Begin by obtaining the following information:

Second Step

Copy the following code sample into a file (authexample.php), and modify the values as required:

  • $apikey - the API key for your site
  • $username - the username to use when logging in
  • $redirect - the location to send the user after being authenticated (typically the root page of your site)
$apikey = 'YOUR-API-KEY';
$username = 'test-username';
$redirect = urlencode("");

// create the MD5 authhash
$timestamp = time();
$auth_hash = md5("{$username}:{$timestamp}:{$apikey}");

// create the token
$imp_auth_token = "imp_{$timestamp}_{$auth_hash}_={$username}";

// depending on your HTTP client, you may or may not need to URL encode the token
$imp_auth_token = urlencode($imp_auth_token);

echo "Auth token: \n";
echo "\n";

// Send the user to this URL to log them in and redirect to their final location
echo "Link for users:\n";
echo "" . $imp_auth_token . "&redirect=" . $redirect;
echo "\n";

Third Step

We can now execute the file to generate the link. This can be done easily from the command-line:

kazad@kazad-air $ php authexample.php 
Auth token: 
Link for users:

You can verify the authentication token and link are valid by copying the link into a new browser session. After visiting the link, the user is immediately logged-in and redirected to the site. From their perspective, it was a single click to access the site.

Implementation NotesEdit section

Impersonation tokens are only valid for a short time period, and shouldn't be printed in the page itself. Instead, generate the authentication link dynamically, after the user clicks a help link in your application. For example, a help link might be "<somearticle>", where the SSO page generates the token and redirects the user.

What's Next

After verifying the example, integrate the code sample into your custom SSO workflow.

  • Was this article helpful?