Flows / Secure SSO

Secure SSO

Production-grade identity. Your server HMAC-signs a base64 user payload; the widget verifies it before trusting any session. Pair with the node-express reference server.

Mode · HMAC Status · loading

src/pages/secure-sso.astro

---
import { FastComments } from 'fastcomments-astro';

const sso = {
  loginURL: 'https://example.com/login',
  logoutURL: 'https://example.com/logout',
};
---

<FastComments tenantId="demo" urlId="demo-secure-sso" sso={sso} />

<script>
  // Your server HMAC-signs a base64 user payload; fetch it + call instance.update
  const r = await fetch('/sso-user-info');
  const info = await r.json();
  const entry = window.__fcInstances?.find(
    (e) => e.base?.urlId === 'demo-secure-sso'
  );
  if (entry) {
    const merged = { ...entry.base, sso: { ...entry.base.sso, ...info } };
    entry.inst.update(merged);
    entry.base = merged;
  }
</script>