{"info":{"_postman_id":"33eebca2-2c5b-4b07-9bd6-8b7d34a80a0a","name":"smzero® SSO","description":"

Disclaimer

All information contained in this documentation must be kept confidential. To use this integration, you must follow our terms of use and be aware of our privacy and cookie policies. The smzero® API was developed according to HITRUST CSF standards, for the highest levels of requirements and certifications on the market.

About of this API

Now smzero Users can login in Third Party Applications and smzero Connect services using the same login of smzero.

To use smzero authentication, you must first create an application within smzero, for this you have application and integrations administrator role and create an OAuth 2.0 application, with the name of the service that will authenticate with smzero.

If it is a smzero Connect, this step has probably already been completed. Then we will move on to the authentication step.

\n","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","toc":[],"owner":"5536699","collectionId":"33eebca2-2c5b-4b07-9bd6-8b7d34a80a0a","publishedId":"2sA3e2e9K8","public":true,"customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"0099ff"},"publishDate":"2024-07-08T15:50:57.000Z"},"item":[{"name":"Get Started","id":"9ce24ae7-2db7-445a-81fe-c4a91b069edb","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"REDIRECT","header":[],"url":"https://auth.smzero.com.br/","description":"

Starting authentication

This is the first step to create an Auth using smzero SSO. Above is a code example of how to implement this redirection in your application.

We will use some const to declare some items in this example, we strongly recommend setting it as environment variables:

const keyName = 'smzero_auth';\nconst smzeroAuthUrl = 'https://auth.smzero.com.br/';\nconst smzeroApiUrl = 'https://api.smzero.com.br/auth/isTokenValid';\nconst token = localStorage.getItem(keyName);\n\n

Check if you have a token

Let's do some validations, to see if this user already has a valid token, if not, redirect to smzero Auth URL, for create:

if (!token) {\n    window.location.href = smzeroAuthUrl;\n}\n\n

\n
Note: for smzero Connect, after your redirect, for https://auth.smzero.com.br/ integration, the user must log in and after logging in, within smzero Clinic Manager they must choose the option to access smzero Connect. After this user will be redirected to configured URI, https://{redirectUri}/auth?token=, now get the token and save.
\n

If you have, continue your flow

Now, if he has a valid token saved in local storage, allow to log in. This is an example of how to handle if the user already has a valid token:

else\n {\n    $.ajax({\n        url: smzeroApiUrl,\n        type: 'post',\n        headers: {\n            Authorization: 'Bearer ' + token,\n        },\n        success: function (data) {\n            localStorage.setItem(keyName, token);\n            window.location.href = '/'; // home of your web app\n        },\n        fail: function () {\n            window.location.href = smzeroAuthUrl;\n        }\n    });\n}\n\n

This request has a example here: (token-validation)

Final code

When the deployment is finished, your code should look like the example below:

<html xmlns=\"http://www.w3.org/1999/xhtml\">\n<head>\n    <title></title>\n    <script>\n        const keyName = 'smzero_auth';\n        const smzeroAuthUrl = 'https://auth.smzero.com.br/';\n        const smzeroApiUrl = 'https://api.smzero.com.br/auth/isTokenValid';\n        const token = localStorage.getItem(keyName);\n        if (!token) {\n            window.location.href = smzeroAuthUrl;\n        }\n        else\n        {\n            $.ajax({\n                url: smzeroApiUrl,\n                type: 'post',\n                headers: {\n                    Authorization: 'Bearer ' + token,\n                },\n                success: function (data) {\n                    localStorage.setItem(keyName, token);\n                    window.location.href = '/'; // home of your web app\n                },\n                fail: function () {\n                    window.location.href = smzeroAuthUrl;\n                }\n            });\n        }\n    </script>\n</head>\n<body>\n</body>\n</html>\n\n

Validate Token for Requests

When making requests to smzero, you will need a decode the JWT, this can be done directly as in the example below or using some library, we recommend jwt-decode.

function parseJwt(token) {\n    const base64Url = token.split('.')[1];\n    const base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');\n    const jsonPayload = decodeURIComponent(window.atob(base64).split('').map(function (c) {\n        return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);\n    }).join(''));\n    return JSON.parse(jsonPayload);\n}\n$(function () {\n    const token = parseJwt(localStorage.getItem('smzero_auth'));\n    $('#username').text(token.unique_name);\n});\n\n

\n","urlObject":{"protocol":"https","path":[""],"host":["auth","smzero","com","br"],"query":[],"variable":[]}},"response":[],"_postman_id":"9ce24ae7-2db7-445a-81fe-c4a91b069edb"},{"name":"Token Validate","id":"f6205d55-818d-4bd0-a21f-c2b0fcf7eb8f","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"POST","header":[],"url":"https://api.smzero.com.br/auth/isTokenValid","description":"

This is the request used to validate the saved token every time the user enters the application.

\n","urlObject":{"protocol":"https","path":["auth","isTokenValid"],"host":["api","smzero","com","br"],"query":[],"variable":[]}},"response":[],"_postman_id":"f6205d55-818d-4bd0-a21f-c2b0fcf7eb8f"}]}