
How to Set Up a Native App SSO

Follow the steps below for a token-pass integration to set up your SSO.

JWT Integration Flow: Step-by-Step

  1. User Authentication: The user logs into the native app using their standard credentials. The app's backend generates a secure, short-lived authentication token (e.g., a JWT).
  2. Webview Initialization with Header: When the user navigates to the Tradable Bits campaign, the native app opens a webview pointing to the provided campaign URL. The app must inject a custom HTTP header into this request containing the authentication token.
     
    • Endpoint Example: https://tradablebits.com/tb_native/<page_tab_id>
    • Required Header: Authorization: Bearer <user_auth_token>

  3. Token Reception & Validation: The Tradable Bits server receives the request, extracts the <user_auth_token> from the Authorization header, and initiates a validation check.
  4. Server-to-Server User Verification: Tradable Bits' backend makes a secure, server-to-server API call to a dedicated endpoint on the [native app] backend. This is not a call to the user's app. The purpose of this call is to exchange the temporary token for trusted user details.
    • [Native App] Responsibility: You must provide a secure backend endpoint (e.g., https://api.nativeapp.com/validate_token) for Tradable Bits to call.
    • Request: Tradable Bits will send the <user_auth_token>.
    • Response: If the token is valid, your endpoint should return a JSON object with the required user data (see field list below).
  5. Web Session Creation: Upon successful validation, Tradable Bits creates a standard web session cookie for its domain within the webview. This keeps the user logged in for the duration of their interaction with the campaign.
  6. Campaign Display: The campaign loads with the user's information (First Name, Email, etc.) pre-populated in the form fields. These fields will be hidden from the user to create a seamless entry flow. If TBits auth/login is enabled in the campaign, the session should allow a full bypass of the login. 

Note: If the Tradable Bits Authentication solution is used in the native app, the app can provide the tb_auth_session cookie in the X-TBITS-SESSION header. TBits will write code to support it accordingly.
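
The token check behind the step 4 validation endpoint, together with the step 1 token issuance it depends on, shown as an added example (not Tradable Bits' code or any app's own). It assumes an HS256-signed JWT with a 5-minute lifetime; `SECRET`, `MAX_TTL`, the function names, and the response fields `first_name` and `email` are hypothetical, so return the fields Tradable Bits actually specifies.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: HS256 key known only to the app backend
MAX_TTL = 300                        # assumption: tokens live at most 5 minutes

def b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(head, payload):
    return hmac.new(SECRET, f"{head}.{payload}".encode(), hashlib.sha256).digest()

def issue_token(claims, now=None):
    """Step 1: mint a short-lived token after the user logs in."""
    now = int(time.time()) if now is None else now
    body = dict(claims, iat=now, exp=now + MAX_TTL)
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64e(json.dumps(body).encode())
    return f"{head}.{payload}.{b64e(sign(head, payload))}"

def validate_token(token, now=None):
    """Step 4: return user details for a valid token, otherwise None."""
    now = int(time.time()) if now is None else now
    try:
        head, payload, sig = token.split(".")
        # Pin the algorithm; never let the token pick "none" or another alg.
        if json.loads(b64d(head)).get("alg") != "HS256":
            return None
        # Constant-time comparison of the recomputed and presented signature.
        if not hmac.compare_digest(sign(head, payload), b64d(sig)):
            return None
        claims = json.loads(b64d(payload))
        iat, exp = claims["iat"], claims["exp"]
        # Enforce the short lifetime even if a longer-lived token was signed.
        if not (iat <= now < exp) or exp - iat > MAX_TTL:
            return None
    except (ValueError, TypeError, AttributeError, KeyError):
        return None
    # Hypothetical response fields (assumption, not the page's field list).
    return {"first_name": claims.get("first_name"), "email": claims.get("email")}
```

Any failure returns `None` without saying why, so the endpoint can answer every invalid token with the same generic error.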

 

 

Still have questions? Please contact support@tradablebits.com