Single Sign On (SSO) - workflow

Question

I am looking to implement SSO in all my future php/angular applications. I see there are services (Auth0, oauth.io, etc) that are sort of the middle man of an SSO app and th

Answer 1

Do I retain the access token and request information from the API source each time they login?

If the token does not expire, you can hold on to it in a data store and use it with each request. Many times, though, the token will expire, and you need to request a new one each time you start a session. In this case you'd probably store the token in memory instead of a permanent storage location.

How do I relate my own application data to the API data?

I think we'd need to know a little more about your application to answer this question.

Would I create a different kind of user record that just contains the access token and application's userid?

Again, we'd probably need a little more information about your application. If you were persisting the token (in the case that it doesn't expire), then you need to make some considerations about how you want to store it. If not, you can probably just put it into a local variable or session.