Login By URL Parameters

Sometimes a user has to be redirected to another of our websites without logging in again. Besides a full single sign-on setup, this can be achieved by adding a URL parameter that the target website uses to log the user in automatically.

The Process of Login By URL Parameters

The frontend calls its backend API to obtain the loginSign string and appends it to the redirect URL as a query parameter, e.g. https://xxx.com/xxx?loginSign=xxx

The backend constructs the loginSign value:

  • Look up the user's username and password for the target website.
  • Generate a random string (randomStr).
  • Get the current timestamp.
  • Encrypt the username, password, timestamp and randomStr with the target website's RSA public key.

Return the loginSign value to the frontend.

The user clicks the redirect URL.

When the target website's frontend finds a loginSign parameter in the page URL, it sends that value to its own backend to request a login automatically.

The target website's backend decrypts the loginSign value and checks the username and password. If they are correct it returns an access token; otherwise it returns an error code.

Construct the URL Parameter loginSign

Add a newline \n (ASCII 0x0A) to the end of each parameter, in this order:

  • username: the user's username on the target website.
  • password: the user's password on the target website.
  • timestamp: the request timestamp.
  • randomStr: the random string generated for this request.

Use the RSA public key to encrypt the string {username}\n{password}\n{timestamp}\n{randomStr}\n and encode the ciphertext in a URL-safe form (for example base64url) before placing it in the query string.

Because \n is the field delimiter, refuse to build a loginSign from a username or password that contains a newline. The public key here is the target website's key: anyone who holds it can produce a loginSign the target will accept, so hand it only to the backends that are allowed to log users in, never to frontend code.

Verify the URL Parameter loginSign

Use the RSA private key to decrypt the loginSign value and split it on \n; reject it if the result is not exactly the four fields above.

Check that the request timestamp is within 60 seconds of the current time; reject the request otherwise.

Reject the request if the randomStr has already been accepted within that window; without this check a copied URL can be replayed for the full 60 seconds.

Verify the username and password against the target website's user store.
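The construction and verification steps above, as an added example that is not part of the original page. It assumes RSA-OAEP with SHA-256 (the page only says "RSA"), base64url encoding of the ciphertext, a Unix-seconds timestamp, a 16-byte hex randomStr, and an in-memory set of accepted randomStr values for the replay check; the user store is constructed sample data, and the names BuildLoginSign, Verifier and Verify are the example's own.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"sync"
	"time"
)

// Window within which a loginSign is accepted (the page's 60 seconds).
const loginSignWindow = 60 * time.Second

// BuildLoginSign is the origin backend's step: terminate each field with "\n",
// encrypt the string with the target site's RSA public key (OAEP/SHA-256 is an
// assumption), and base64url-encode the ciphertext so it fits in a query parameter.
func BuildLoginSign(targetPub *rsa.PublicKey, username, password string, now time.Time) (string, error) {
	if strings.ContainsAny(username+password, "\n") {
		return "", errors.New("username/password must not contain the newline delimiter")
	}
	nonce := make([]byte, 16) // randomStr: 16 random bytes, hex-encoded (assumed size)
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	plain := fmt.Sprintf("%s\n%s\n%d\n%s\n", username, password, now.Unix(), hex.EncodeToString(nonce))
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, targetPub, []byte(plain), nil)
	if err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(ct), nil
}

// Verifier is the target site's backend: private key, user store, and the
// randomStr values accepted inside the current window.
type Verifier struct {
	priv  *rsa.PrivateKey
	creds map[string]string // username -> password; constructed sample data, a real store keeps hashes
	mu    sync.Mutex
	seen  map[string]time.Time
}

func NewVerifier(priv *rsa.PrivateKey, creds map[string]string) *Verifier {
	return &Verifier{priv: priv, creds: creds, seen: map[string]time.Time{}}
}

// Verify runs the page's checks in order (decrypt, timestamp, credentials) plus
// a replay check on randomStr. It returns the authenticated username; the
// caller then mints the access token.
func (v *Verifier) Verify(loginSign string, now time.Time) (string, error) {
	ct, err := base64.RawURLEncoding.DecodeString(loginSign)
	if err != nil {
		return "", errors.New("loginSign is not base64url")
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, v.priv, ct, nil)
	if err != nil {
		return "", errors.New("loginSign does not decrypt with our private key")
	}
	// "{username}\n{password}\n{timestamp}\n{randomStr}\n" splits into four
	// fields plus one trailing empty string; anything else is malformed.
	parts := strings.Split(string(plain), "\n")
	if len(parts) != 5 || parts[4] != "" {
		return "", errors.New("malformed loginSign payload")
	}
	username, password, tsField, randomStr := parts[0], parts[1], parts[2], parts[3]
	ts, err := strconv.ParseInt(tsField, 10, 64)
	if err != nil {
		return "", errors.New("malformed timestamp")
	}
	if age := now.Sub(time.Unix(ts, 0)); age > loginSignWindow || age < -loginSignWindow {
		return "", errors.New("loginSign outside the 60-second window")
	}
	v.mu.Lock()
	defer v.mu.Unlock()
	for n, t := range v.seen { // forget values that can no longer pass the time check
		if now.Sub(t) > loginSignWindow {
			delete(v.seen, n)
		}
	}
	if _, dup := v.seen[randomStr]; dup {
		return "", errors.New("loginSign replayed")
	}
	want, ok := v.creds[username]
	if !ok || subtle.ConstantTimeCompare([]byte(want), []byte(password)) != 1 {
		return "", errors.New("bad username or password")
	}
	v.seen[randomStr] = now
	return username, nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	v := NewVerifier(priv, map[string]string{"alice": "correct horse battery"})
	now := time.Now()
	sign, _ := BuildLoginSign(&priv.PublicKey, "alice", "correct horse battery", now)
	fmt.Println("redirect URL: https://xxx.com/xxx?loginSign=" + sign)
	fmt.Println(v.Verify(sign, now))                    // alice <nil>
	fmt.Println(v.Verify(sign, now.Add(5*time.Second))) // "" loginSign replayed
	fmt.Println(v.Verify(sign, now.Add(2*time.Minute))) // "" loginSign outside the 60-second window
}
```

Verify records randomStr only after the credentials pass, so a rejected attempt does not burn the value; the timestamp check runs first so the seen set stays bounded by whatever arrives inside the window. The verifying key must be the target site's private key and the encrypting key must reach only trusted origin backends, since in this design possession of the encrypting key is what authorises the login.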