Mini-App Integration Guide

For internal RegardingWork services using SSO

What is a Mini-App?

A Mini-App is a trusted service that's part of the RegardingWork ecosystem family. Mini-Apps use SSO (Single Sign-On) for seamless user authentication without complex OAuth flows.

Current Mini-Apps:
RegardingWork Services:
  • game.regardingwork.com - Gaming Platform
  • premium.regardingwork.com - Premium Services
  • display.regardingwork.com - Display Service
  • desk.regardingwork.com - Desk Service
  • teams.regardingwork.com - Teams Management
Trusted Partner Services:
  • tx.licensedbank.com - Banking Platform
  • alivefor.com - Partner Application
  • Other approved partner domains
Key Characteristic: Mini-Apps are trusted services in the RegardingWork ecosystem network, including both RegardingWork subdomains and approved partner domains.

Mini-App Authentication Options

Mini-apps should offer two authentication methods for the best user experience:

🥇 Primary: SSO (Recommended)

One-click login via RegardingWork Hub

  • ✅ Seamless user experience
  • ✅ No password entry needed
  • ✅ Single logout across ecosystem

🥈 Secondary: Direct Login

Manual username/password entry

  • ✅ Fallback when SSO unavailable
  • ✅ User preference option
  • ✅ Faster for power users
Live Example: alivefor.com/login demonstrates the ideal dual authentication pattern that mini-apps should follow.

Option 1: SSO Integration Flow

1. User Clicks Login

User visits your mini-app and clicks login button.

2. Redirect to Hub

Mini-app redirects to Hub's SSO authorization endpoint.

3. Hub Authentication

Hub authenticates user (login form if needed).

4. Token Redirect

Hub redirects back with JWT token in URL.

5. Token Validation

Mini-app validates token with Hub API.


sequenceDiagram
    participant User
    participant MiniApp
    participant Hub
    
    User->>MiniApp: Click Login
    MiniApp->>Hub: Redirect to /api/auth/sso/authorize
    Hub->>User: Login form (if needed)
    User->>Hub: Credentials
    Hub->>MiniApp: Redirect with ?token=jwt
    MiniApp->>Hub: Validate token /api/auth/validate
    Hub->>MiniApp: User data
    MiniApp->>User: Logged in dashboard
                            
Option 2: Password Grant Flow

1. User Enters Credentials

User provides RegardingWork username and password.

2. Direct API Call

Mini-app calls Hub's login API directly.

3. Token Response

Hub returns access and refresh tokens.

4. Store Tokens

Mini-app stores tokens for API calls.


sequenceDiagram
    participant User
    participant MiniApp
    participant Hub
    
    User->>MiniApp: Enter username/password
    MiniApp->>Hub: POST /api/auth/login
    Hub->>Hub: Validate credentials
    Hub->>MiniApp: Access & refresh tokens
    MiniApp->>User: Logged in dashboard
                            
Recommended UI Pattern (Based on alivefor.com)

Follow the alivefor.com/login pattern for optimal user experience:


<!-- Primary SSO Option -->
<div class="sso-section">
    <h3>Login to [Your App Name]</h3>
    <p>Save your data and access your profile</p>
    
    <a href="#" onclick="startSSO()" class="btn btn-primary btn-lg w-100 mb-3">
        <i class="fa fa-shield"></i> Sign in with RegardingWork Hub
    </a>
    <p class="text-muted">Unified access across all RegardingWork services</p>
</div>

<!-- Divider -->
<div class="text-center my-4">
    <span class="text-muted">Or sign in directly</span>
</div>

<!-- Secondary Direct Login -->
<form onsubmit="loginDirect(event)" class="direct-login-form">
    <div class="mb-3">
        <label>RegardingWork Username</label>
        <input type="text" name="username" class="form-control" required>
    </div>
    <div class="mb-3">
        <label>Password</label>
        <input type="password" name="password" class="form-control" required>
    </div>
    <button type="submit" class="btn btn-outline-primary w-100">
        Login Directly
    </button>
</form>

<!-- Registration Link -->
<div class="text-center mt-4">
    <p>Don't have a RegardingWork account?</p>
    <a href="https://hub.regardingwork.com/register" class="btn btn-link">
        Create RegardingWork Account
    </a>
    <p class="text-muted small">Register at RegardingWork Hub for full ecosystem access</p>
</div>
                
Implementation Steps

Step 1 Register Your Domain

Contact Hub admin to add your domain to the SSO allowed domains list.

Examples of approved domains:
  • RegardingWork services: *.regardingwork.com
  • Trusted partners: tx.licensedbank.com, alivefor.com
Required: Your domain must be added to Hub's SSO domains before integration will work.
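
The allowed-domain list only protects tokens if the redirect_uri is matched against it strictly. The following is an added example, not Hub's actual code, of how such a check can be written; the function name `isAllowedRedirect` and the list constant are assumptions, and the entries are the examples given above.

```javascript
// Added example (hypothetical, not Hub's implementation): strict matching of a
// redirect_uri against an allowed-domain list like the one in Step 1.
const ALLOWED_DOMAINS = ['*.regardingwork.com', 'tx.licensedbank.com', 'alivefor.com'];

function isAllowedRedirect(redirectUri, allowed = ALLOWED_DOMAINS) {
    let url;
    try {
        url = new URL(redirectUri);   // rejects relative and malformed values
    } catch {
        return false;
    }
    // The token travels in the query string, so only HTTPS targets are accepted.
    if (url.protocol !== 'https:') return false;
    // Embedded credentials ("https://alivefor.com@other.example/") are never
    // legitimate in a callback URL and make the real host easy to misread.
    if (url.username || url.password) return false;

    // URL.hostname is already lower-cased by the parser.
    const host = url.hostname;

    return allowed.some((entry) => {
        if (entry.startsWith('*.')) {
            // Wildcard entry: compare against ".regardingwork.com" so the match
            // falls on a label boundary, and require at least one label before it.
            const suffix = entry.slice(1);
            return host.endsWith(suffix) && host.length > suffix.length;
        }
        return host === entry;        // partner domains match exactly
    });
}

// Constructed sample inputs, for illustration only.
for (const uri of [
    'https://game.regardingwork.com/api/auth/callback',
    'https://alivefor.com/api/auth/callback',
    'http://game.regardingwork.com/api/auth/callback',
    'https://evilregardingwork.com/api/auth/callback',
    'https://regardingwork.com.other.example/api/auth/callback',
]) {
    console.log(isAllowedRedirect(uri) ? 'allow ' : 'reject', uri);
}
```

Substring or `endsWith('regardingwork.com')` comparisons would accept the last two sample inputs; parsing the URL first and matching on a label boundary rejects them.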
Step 2 Implement Both Authentication Methods
Method 1: SSO Authentication

// SSO login function
function startSSO() {
    const redirectUri = encodeURIComponent('https://your-app.com/api/auth/callback');
    const ssoUrl = `https://hub.regardingwork.com/api/auth/sso/authorize?redirect_uri=${redirectUri}&service=your-app`;
    window.location.href = ssoUrl;
}
                    
Method 2: Direct Password Grant

// Direct login function
async function loginDirect(event) {
    event.preventDefault();
    const formData = new FormData(event.target);
    
    try {
        const response = await fetch('https://hub.regardingwork.com/api/auth/login', {
            method: 'POST',
            headers: {
                'Content-Type': 'application/json',
            },
            body: JSON.stringify({
                username: formData.get('username'),
                password: formData.get('password')
            })
        });
        
        const result = await response.json();
        
        if (result.access_token) {
            // Store tokens
            sessionStorage.setItem('access_token', result.access_token);
            sessionStorage.setItem('refresh_token', result.refresh_token);
            
            // Redirect to dashboard
            window.location.href = '/dashboard';
        } else {
            alert('Login failed: ' + result.error);
        }
    } catch (error) {
        alert('Login error: ' + error.message);
    }
}
                    
Step 3 Handle SSO Callback

Create an endpoint to receive the token from Hub:


// SSO callback endpoint: /api/auth/callback
app.get('/api/auth/callback', (req, res) => {
    const token = req.query.token;
    
    if (!token) {
        return res.redirect('/login?error=no_token');
    }
    
    // Store token in session/cookie
    res.cookie('auth_token', token, { 
        httpOnly: true, 
        secure: true, 
        sameSite: 'strict' 
    });
    
    // Redirect to dashboard
    res.redirect('/dashboard');
});
                    
Step 4 Validate Tokens

For protected API calls, validate tokens with Hub:


// Token validation middleware
async function validateToken(req, res, next) {
    const token = req.cookies.auth_token || req.headers.authorization?.replace('Bearer ', '');
    
    if (!token) {
        return res.status(401).json({ error: 'No token provided' });
    }
    
    try {
        const response = await fetch('https://hub.regardingwork.com/api/auth/validate', {
            headers: {
                'Authorization': `Bearer ${token}`
            }
        });
        
        const result = await response.json();
        
        if (!result.valid) {
            return res.status(401).json({ error: 'Invalid token' });
        }
        
        req.user = result.user;
        next();
    } catch (error) {
        return res.status(500).json({ error: 'Token validation failed' });
    }
}
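
Steps 3 and 4 can be combined so that the callback validates the token with Hub before any cookie is set, matching step 5 of the SSO flow. This is an added example, not code from the original guide: `handleSsoCallback`, the injected `hubFetch` parameter and the `invalid_token` / `validation_failed` error codes are assumptions, while the validate URL and the `{ valid, user }` response shape are taken from the middleware above.

```javascript
// Added example, not the guide's code. hubFetch is injected so the logic can be tested offline.
const HUB_VALIDATE_URL = 'https://hub.regardingwork.com/api/auth/validate';

async function handleSsoCallback(query, hubFetch = fetch) {
    const token = query.token;
    // Express parses ?token=a&token=b into an array; accept one non-empty string only.
    if (typeof token !== 'string' || token.length === 0) {
        return { redirect: '/login?error=no_token' };
    }
    let result;
    try {
        const response = await hubFetch(HUB_VALIDATE_URL, {
            headers: { Authorization: `Bearer ${token}` },
        });
        if (!response.ok) return { redirect: '/login?error=invalid_token' };
        result = await response.json();
    } catch {
        // Hub unreachable or a non-JSON reply: fail closed, no cookie is set.
        return { redirect: '/login?error=validation_failed' };
    }
    if (!result || result.valid !== true) {
        return { redirect: '/login?error=invalid_token' };
    }
    return {
        // Same cookie flags as the Step 3 handler.
        cookie: {
            name: 'auth_token',
            value: token,
            options: { httpOnly: true, secure: true, sameSite: 'strict' },
        },
        // Fixed, token-free path: the JWT does not stay in the address bar
        // and is not carried into Referer headers sent from the dashboard.
        redirect: '/dashboard',
        user: result.user,
    };
}

// Express wiring (assumes the `app` object used in Step 3):
// app.get('/api/auth/callback', async (req, res) => {
//     const out = await handleSsoCallback(req.query);
//     if (out.cookie) res.cookie(out.cookie.name, out.cookie.value, out.cookie.options);
//     res.redirect(out.redirect);
// });
```

Because the token arrives in the query string, it is also written to access logs on the callback route; excluding or masking the `token` parameter in request logging keeps it out of log storage.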
                    
Step 5 Implement Logout

Clear tokens and optionally redirect to Hub logout:


// Logout endpoint
app.post('/api/auth/logout', (req, res) => {
    // Clear local token
    res.clearCookie('auth_token');
    
    // Optional: Redirect to Hub logout for complete SSO logout
    const logoutUrl = 'https://hub.regardingwork.com/logout';
    res.json({ redirect: logoutUrl });
});
                    
Hub API Endpoints for Mini-Apps

SSO Endpoints

| Endpoint | Method | Purpose | Parameters |
|---|---|---|---|
| /api/auth/sso/authorize | GET | SSO authorization | redirect_uri, service |

Direct Authentication Endpoints

| Endpoint | Method | Purpose | Parameters |
|---|---|---|---|
| /api/auth/login | POST | Direct login with username/password | username, password |

Common Endpoints (Both Methods)

| Endpoint | Method | Purpose | Parameters |
|---|---|---|---|
| /api/auth/validate | GET | Token validation | Authorization: Bearer {token} |
| /api/auth/refresh | POST | Refresh token | refresh_token |
| /api/auth/me | GET | Get user profile | Authorization: Bearer {token} |

Common Issues & Solutions

Problem: Your domain isn't in Hub's SSO allowed domains list.
Solution: Contact Hub admin to add your domain to the SSO domains list via admin panel.

Problem: Token format or validation endpoint issues.
Solution:
  • Check token format: Authorization: Bearer {token}
  • Verify validation URL: https://hub.regardingwork.com/api/auth/validate
  • Ensure token isn't expired or corrupted

Problem: Initial SSO works but subsequent API calls fail.
Solution:
  • Check if token is properly stored and retrieved
  • Verify all API calls include proper Authorization header
  • Check CORS configuration on Hub