Skip to main content

Authentication

When accessing SkillSpring APIs, or when embedding SkillSpring UIs in iframes, an OAuth client is used to initiate authentication with your website users.

Requesting an OAuth client for your account​

Each SkillSpring customer can request a single OAuth client to be used for API access and embedding. To request a client, email support@skillspring.com and ask for an OAuth client. We'll work with you to create and properly configure your OAuth client depending on your needs.

Single Sign-On​

If you would like to authenticate your users against your own OIDC or SAML provider, that can be configured. Make sure to discuss that when talking with support about your OAuth client creation. When implementing OIDC SSO, make sure to collect the following information and have it ready to provide to support:

  • Your OAuth Client ID (from your auth system, for SkillSpring to use during SSO)
  • Your OAuth Client Secret (for the above client ID)
  • Your OIDC Issuer URL
  • Your application signout URL
  • Your application callback URL

You will get back from support:

  • SkillSpring OAuth Client ID
  • SkillSpring OAuth Client Secret

Obtaining access tokens with an OAuth client​

Once you have received the OAuth client IDs and secrets, you can enable your application to request authentication and get access tokens for users.

The implementation of OAuth-based authentication is different in every language, and the OAuth 2 website has links to some helpful libraries depending on your programming language.

Exchanging Your Identity Tokens for SkillSpring Access Tokens​

If you are using OIDC based SSO and you already have an identity token, from "Your OAuth Client" above, then you can skip the OAuth flow and exchange your identity token for a SkillSpring access token with an API call.

const tokenResponse = await fetch(`https://api.us.skillspring.com/v1/tokens`, {
    method: 'POST',
    headers: {
        'Content-Type': 'application/json',
    },
    body: JSON.stringify({
        identityToken: <Your ID token from Your OAuth Client>,
        providerName: 'custom',
        oidcClientId: <Your OAuth Client ID>,
        lifeomicClientId: <SkillSpring OAuth Client ID>,
    }),
});

const tokenResponseBody = await tokenResponse.json();
const skillSpringAccessToken = tokenResponseBody.accessToken;

Using an access token to configure an API client​

Once you have an access token for a user, an API client can be created for that user to interact with the SkillSpring API. The APIs for SkillSpring are GraphQL based, and the most common client library is Apollo in JavaScript. Here is an example of how to configure the Apollo client in JavaScript:

import ApolloLinkTimeout from 'apollo-link-timeout';
import { InMemoryCache, InMemoryCacheConfig } from '@apollo/client/cache';
import { ApolloClient, ApolloLink, createHttpLink } from '@apollo/client/core';

const httpLink = createHttpLink({
  uri: 'https://api.us.skillspring.com/v1/connect/graphql'
  headers: {
    'LifeOmic-Account': `your account id`,
    authorization: `Bearer ${accessToken}`,
  },
});

// The API timeout is 10 seconds, so a 10.5 second timeout is very generous to
// cover any extra network latency. This timeout will protect against the
// network going unresponsive
const timeoutMs = 10500;
const timeoutLink = new ApolloLinkTimeout(timeoutMs);

const link = ApolloLink.from([timeoutLink, httpLink]);

const client = new ApolloClient({ link });

// Use your new client

Using non-JavaScript, non-Apollo GraphQL clients are allowed, and the configuration will be similar.