# Configuration

SSO Client can be customized for each application's needs. At a bare minimum, you should provide two things:

  1. appDefinitionId

# appDefinitionId

The app definition ID is simply the name of the app, as declared in 211CS Admin.

To integrate your app into 211CS SSO, you must first register it in 211CS Admin codebase as an AppDefinition. The id value in that definition file goes into your SSO Client's appDefinitionId setting.

# Full list

Here's a list of all possible SSO Client settings:

export type SingleSignOnConfig = {
  /**
   * The url for the single sign on service.
   * e.g.: https://sso.211cs.test
   */
  singleSignOnUrl: string;

  /**
   * Where to load JWKS to verify JWT key?
   * You can leave this empty, and it will default to:
   * ${singleSignOnUrl}/.well-known/jwks.json
   */
  jwksUri: string;

  /**
   * The main application is where organizations
   * sign up and manage their 211CS subscriptions
   */
  isMainApplication: boolean;

  /**
   * Role requirements for the user.
   * Users with any role is allowed by default.
   * This parameter is ignored for the main application, and is fixed to "admin"
   */
  roles?: string[];

  /**
   * If it's a non-proxied app, use the app definition id
   * to introduce this app to 211CS SSO.
   */
  appDefinitionId?: string;

  /**
   * When SSO flow is completed, this endpoint will be called
   * it's used by the koa helpers in this library.
   */
  callbackPath?: string;
};