SSO vs OAuth: No Authorization Codes Needed

For Replit Agents: Hub uses DIRECT TOKEN SSO, not OAuth authorization codes

🤖 Important for Replit Agents

Hub does NOT use OAuth authorization codes. If you're getting "Authorization code required" errors, you're looking for the wrong parameter!

Look for ?token= not ?code= - Hub sends tokens directly.

Quick Fix for "Authorization code required" Error

❌ Wrong (OAuth Flow)

// DON'T look for code parameter
const urlParams = new URLSearchParams(window.location.search);
const authCode = urlParams.get('code'); // ❌ This fails!

if (authCode) {
    // Try to exchange code for token... ❌ Wrong!
}

✅ Correct (Hub SSO Flow)

// Look for token parameter instead
const urlParams = new URLSearchParams(window.location.search);
const token = urlParams.get('token'); // ✅ Hub sends this!
const userId = urlParams.get('user_id');
const username = urlParams.get('username');

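if (token) {
    // Use token directly - no exchange needed! ✅
    localStorage.setItem('auth_token', token);
    // Redirect to dashboard; replace() drops the token-bearing URL from back/forward history
    window.location.replace('/dashboard');
}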

The Two Different Authentication Flows

🔐 OAuth 2.0 Authorization Code Flow

Complex, secure, industry standard

  1. User clicks "Login with Hub"
  2. Redirect to: /api/oauth/authorize
  3. Hub redirects back with: ?code=abc123
  4. Your app exchanges code for token
  5. POST to /api/oauth/token with code
  6. Get back access token

Requires: Client ID, Client Secret, multiple HTTP requests

⚡ Hub SSO Direct Token Flow

Simple, fast, RegardingWork-specific

  1. User clicks "Login with Hub"
  2. Redirect to: /api/auth/sso/authorize
  3. Hub redirects back with: ?token=xyz789&user_id=123
  4. Your app uses token immediately
  5. No exchange step needed!
  6. User is logged in

Requires: Just the redirect_uri, single HTTP request

Common Agent Mistakes & Solutions

| ❌ Mistake | ✅ Solution | 🎯 Why |
|---|---|---|
| Looking for ?code= parameter | Look for ?token= parameter | Hub sends tokens directly, not codes |
| Asking for HUB_CLIENT_ID/SECRET | No client credentials needed | SSO is simpler than OAuth |
| Trying to exchange code for token | Use the token immediately | No exchange step in SSO flow |
| Using /api/oauth/authorize | Use /api/auth/sso/authorize | Different endpoints for different flows |
| "Authorization failed" errors | Check if user logged into Hub first | SSO requires active Hub session |

Complete Working SSO Implementation

1. Frontend: SSO Login Button

function loginWithHub() {
    const redirectUri = `${window.location.origin}/api/auth/callback`;
    const ssoUrl = `https://hub.regardingwork.com/api/auth/sso/authorize?redirect_uri=${encodeURIComponent(redirectUri)}`;
    window.location.href = ssoUrl;
}

2. Backend: Callback Handler (Node.js/Express example)

app.get('/api/auth/callback', (req, res) => {
    const { token, user_id, username, error, error_description } = req.query;
    
    if (error) {
        // Handle Hub errors; fall back to the error code when no description is sent
        console.error('Hub SSO error:', error, error_description);
        return res.redirect(`/login?error=${encodeURIComponent(error_description || error)}`);
    }
    
    if (!token) {
        return res.redirect(`/login?error=${encodeURIComponent('No token received from Hub')}`);
    }
    
    // Token is ready to use immediately!
    // Set session/cookie and redirect to dashboard
    req.session.authToken = token;
    req.session.userId = user_id;
    req.session.username = username;
    
    res.redirect('/dashboard');
});

3. Using the Token for API Calls

// Make authenticated requests to Hub
fetch('https://hub.regardingwork.com/api/auth/me', {
    headers: {
        'Authorization': `Bearer ${token}`,
        'Content-Type': 'application/json'
    }
})
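.then(response => {
    // Treat non-2xx responses (for example a rejected token) as errors
    if (!response.ok) throw new Error(`Hub returned HTTP ${response.status}`);
    return response.json();
})
.then(userInfo => {
    console.log('User info from Hub:', userInfo);
})
.catch(err => console.error('Hub request failed:', err));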
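
A hardened variant of the step 2 callback, as an added example that is not Hub's or this page's own code: the handler in step 2 copies `user_id` and `username` from the query string into the session, so here the token is first checked against the `/api/auth/me` endpoint from step 3 and the session identity is taken from Hub's answer. The `id` and `username` response fields, the helper names and the use of express-session are assumptions.

```javascript
// Added example, not Hub's own code.
const HUB_ME_URL = 'https://hub.regardingwork.com/api/auth/me'; // endpoint shown on this page

// Ask Hub whom the token belongs to; returns { userId, username } or null.
// ASSUMPTION: /api/auth/me replies 200 with JSON fields `id` and `username`.
async function resolveHubIdentity(token, fetchImpl = fetch) {
    // Repeated ?token= parameters parse to an array in Express; reject non-strings.
    // 4096 is an arbitrary sanity cap on token length.
    if (typeof token !== 'string' || token.length === 0 || token.length > 4096) return null;
    try {
        const response = await fetchImpl(HUB_ME_URL, {
            headers: { Authorization: `Bearer ${token}` },
        });
        if (!response.ok) return null; // Hub does not accept this token
        const body = await response.json();
        if (!body || body.id == null || typeof body.username !== 'string') return null;
        return { userId: String(body.id), username: body.username };
    } catch (err) {
        return null; // Hub unreachable or non-JSON reply: fail closed
    }
}

// Express-style handler factory; fetchImpl is injectable so it can be tested offline.
function makeCallbackHandler(fetchImpl = fetch) {
    return async function hubCallback(req, res) {
        const { token, user_id: claimedUserId } = req.query;
        const identity = await resolveHubIdentity(token, fetchImpl);
        // Reject when Hub does not vouch for the token, or when the user_id in
        // the URL disagrees with the owner Hub reports for that token.
        const mismatch = identity && claimedUserId !== undefined
            && String(claimedUserId) !== identity.userId;
        if (!identity || mismatch) {
            return res.redirect('/login?error=' + encodeURIComponent('SSO verification failed'));
        }
        // Issue a fresh session ID at login (express-session's regenerate).
        req.session.regenerate((err) => {
            if (err) return res.redirect('/login?error=' + encodeURIComponent('Session error'));
            req.session.authToken = token;
            req.session.userId = identity.userId;     // from Hub, not the query string
            req.session.username = identity.username; // from Hub, not the query string
            res.redirect('/dashboard');
        });
    };
}
```

Mount it with `app.get('/api/auth/callback', makeCallbackHandler())`; the default `fetchImpl` is the global `fetch` available in Node 18 and later.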

When to Use Which Authentication Flow

⚡ Use Hub SSO When:
  • Building RegardingWork ecosystem apps
  • Want simple, fast authentication
  • Users already have Hub accounts
  • Don't need complex permission scopes
  • Trust relationship with Hub

Perfect for: teams.regardingwork.com, premium.regardingwork.com, game.regardingwork.com

🔐 Use OAuth 2.0 When:
  • Third-party applications
  • Need granular permission scopes
  • Industry standard compliance required
  • External developer integrations
  • Complex authorization scenarios

Perfect for: External APIs, third-party integrations, enterprise clients

Letter to Replit Agents

🤖 Dear Replit Agent,

If you're working on a RegardingWork service and getting "Authorization code required" errors, you're overthinking it!

RegardingWork Hub uses SIMPLE SSO, not complex OAuth.

Here's what you need to know:
  • ✅ Hub sends ?token=abc123&user_id=456&username=john
  • ❌ Hub does NOT send ?code=abc123
  • ✅ Use the token immediately
  • ❌ Don't try to exchange codes for tokens
  • ✅ No client credentials needed
  • ❌ Don't ask for HUB_CLIENT_ID or HUB_CLIENT_SECRET

Your callback handler should look for the token parameter, not the code parameter.

If you're still confused, check the working examples above or refer to the SSO Workflow Guide.

Happy coding!
- The RegardingWork Hub Team

Still Having Issues?

Check the complete SSO workflow guide for step-by-step debugging.

Or visit the troubleshooting guide for common solutions.