Magento 2 SSO Solution Using JWT? Wow, That Was Easy

By Edwin Spradley


“The two systems need to be integrated.” As a merchant in the e-commerce space, this can be a very unsettling realization. You think back to your last systems integration, when your e-commerce agency far exceeded both the agreed-upon timeline and budget. You start evaluating all of the disappointing experiences you’ve had with your current agency, and sweat begins to stream down your forehead as you think, “They can’t even get my site to load fast, and now they have to integrate with another system?”

Systems integrations can be very challenging, but fortunately there are many ways to minimize, if not completely eliminate, the pain associated with such a venture. At ExpandLab, we were recently asked to build a single sign-on (SSO) feature for a customer whose marketing system was completely separate from their e-commerce site. A further complication was that a user who logged in to one system had to be logged in to the other automatically, so that they never had to log in twice.

We aren’t going to go too far into the details of the systems at play here for proprietary reasons. But below I’ve listed a basic step-by-step process explaining how we went about the challenge of the Single Sign On (SSO) feature and how we built it from scratch in just over a week’s time.

Step 1: Research, research, research.

The first step in any project is the drawing board. We needed to determine which software would be the best fit for this particular customer and looked into Magento 2 extensions, hosted SSO providers, and so on. Although this project had a quick turnaround and a tight deadline, we had to be sure we were starting with the right foundation or the whole thing would have fallen apart.

Step 2: The pitch, take one.

It seemed the best option was a SAML-based SSO solution. The customer already had an Active Directory server for their corporate accounts, and there were hosted identity providers, such as OneLogin, Okta and Ping Identity, that could be used. We even found a Magento module built by Sixto Martin, who has considerable experience building SAML plugins and toolkits. But there was one big problem: the pricing for a cloud-based provider was astronomical. We are talking an average of $2 – $6 per user. This is a site that had several million customers, and clearly that pricing wasn’t going to work.

Step 3: A lightbulb moment.

We were down but not defeated. We continued to reach out to SAML providers while evaluating other options. We had run across a few ideas during research, but nothing that we thought was a robust solution or could solve all of our problems on a tight budget and timeline. That’s when a new idea popped up from, who else, the new guy in our office. He suggested using JSON Web Tokens (JWT) and, voila, a solution was found.

JWT worked because it let us pass signed claims between the two systems in the format standardized by RFC 7519 (“a compact, URL-safe means of representing claims to be transferred between two parties,” to paraphrase the spec’s own summary). A token signed with a secret shared by the two systems lets the receiving side verify that the claims really came from the other system and were not altered in transit. Two caveats matter for an SSO hand-off: a signature alone does not hide the claims, so the payload should carry identifiers rather than secrets, and a captured token is only harmless if it expires within seconds and is bound to the one system meant to consume it. The question was then, could we build this type of integration in under two weeks?

Step 4: The build. 

So we went to work. No existing plugins were available for Magento 2 and JWT, so we had to build it from scratch. We settled on Firebase’s php-jwt library (firebase/php-jwt) because it had everything we wanted, including the broadly supported HS256 algorithm, which is an HMAC-SHA256 signature over a shared secret (a signature, not encryption). The whole process ended up taking just over a week from start to finish, and the solution is now processing thousands of signed hand-offs daily. That’s what happens when you think outside the box and dedicate the right amount of manpower and resources to an intensive web project.
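The hand-off described in Steps 3 and 4, as an added example that is not ExpandLab’s code and does not use the firebase/php-jwt library the team chose: a standard-library-only Python implementation of an HS256 JWT issued by one system and checked by the other, showing the verification steps the receiving side has to perform and the two failure modes it must refuse (a forged or altered token, and a replayed or stale one). The system names, the claim set, the 60-second lifetime and the sample secret are constructed assumptions; the article does not disclose any of them.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed assumptions: the article does not name the two systems or their claim set.
ISSUER = "marketing-system"
AUDIENCE = "magento-storefront"
ALG = "HS256"   # pinned; the verifier accepts nothing else (no "alg": "none", no RS256 swap)
MAX_TTL = 60    # a hand-off token is consumed on the next request, so it lives for seconds


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _segment(obj: dict) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def issue_sso_token(secret: bytes, customer_id: str, email: str, now=None) -> str:
    """Sending side: mint the short-lived HS256 token that logs the customer in to the other system."""
    now = int(time.time()) if now is None else now
    header = {"alg": ALG, "typ": "JWT"}
    payload = {
        "iss": ISSUER, "aud": AUDIENCE, "sub": customer_id, "email": email,
        "iat": now, "exp": now + MAX_TTL,
        "jti": secrets.token_hex(16),  # unique per token so the receiver can refuse a replay
    }
    signing_input = f"{_segment(header)}.{_segment(payload)}"
    tag = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(tag)}"


def rejection_reason(secret: bytes, token: str, seen_jti: set, now=None):
    """Receiving side: None if the token is acceptable, else why it was refused (alg and signature first)."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return "malformed"
    h_b64, p_b64, s_b64 = parts
    try:
        header = json.loads(_b64url_decode(h_b64))
        if not isinstance(header, dict) or header.get("alg") != ALG:
            return "unexpected alg"
        expected = hmac.new(secret, f"{h_b64}.{p_b64}".encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s_b64)):  # constant-time compare
            return "bad signature"
        payload = json.loads(_b64url_decode(p_b64))
    except (ValueError, UnicodeDecodeError):
        return "malformed"
    if not isinstance(payload, dict):
        return "malformed"
    if payload.get("iss") != ISSUER or payload.get("aud") != AUDIENCE:
        return "wrong issuer or audience"
    exp, iat = payload.get("exp"), payload.get("iat")
    if not isinstance(exp, int) or now >= exp:
        return "expired"
    if isinstance(iat, int) and exp - iat > MAX_TTL:
        return "lifetime too long"  # the receiver enforces the lifetime policy, not just the issuer
    jti = payload.get("jti")
    if not jti or jti in seen_jti:
        return "replayed"
    seen_jti.add(jti)  # production: a shared store with a TTL of MAX_TTL, not a process-local set
    return None


def read_claims_without_secret(token: str) -> dict:
    """Anyone holding the token can do this: HS256 signs the claims, it does not encrypt them."""
    return json.loads(_b64url_decode(token.split(".")[1]))


def tamper(token: str, payload_changes=None, header_changes=None) -> str:
    """Attacker's move: rewrite header or claims but keep the old signature (no secret to re-sign)."""
    h_b64, p_b64, s_b64 = token.split(".")
    header = json.loads(_b64url_decode(h_b64))
    header.update(header_changes or {})
    payload = json.loads(_b64url_decode(p_b64))
    payload.update(payload_changes or {})
    return f"{_segment(header)}.{_segment(payload)}.{s_b64}"


if __name__ == "__main__":
    secret = b"constructed-shared-secret-of-at-least-32-bytes"  # real one: secrets.token_bytes(32)
    seen = set()
    token = issue_sso_token(secret, "cust-1001", "ada@example.com")
    print(read_claims_without_secret(token))      # readable by anyone holding the token
    print(rejection_reason(secret, token, seen))  # None: accepted once
    print(rejection_reason(secret, token, seen))  # replayed
    print(rejection_reason(secret, tamper(token, {"sub": "cust-1"}), set()))  # bad signature
```

The three dot-separated segments are only base64url, which is why `read_claims_without_secret` needs no key and why the payload carries a customer identifier and e-mail rather than a password or session cookie. `rejection_reason` pins the algorithm before it touches the signature, compares the HMAC tag in constant time, and only then reads the issuer, audience, expiry and token id, so a token that was altered, re-labelled as `alg: none`, aimed at a different system, captured and replayed, or minted with a long lifetime is refused for the reason a log line can name.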


Want to learn more or share your experiences? Reach out to Edwin Spradley, Director of Software Development at ExpandLab and author of this article.

