To proceed with SSO integration, you'll need a Stitch SSO client. Stitch provides two different kinds of Sample Clients for local development. These clients come with the important limitation that they can only be used to link test bank accounts.
To create a production client that has full access to the Stitch platform there a few prerequisites that we'll need before we can create a client for you.
These are in no particular order:
Your company's logo for use on our SSO page. This should preferably be in SVG format, though a PNG will also suffice.
A set of redirect URLs are required to redirect back to your application from the SSO flow. These must be served over HTTPS for non-localhost URLs, and are recommended to be on pages distinct from your main ones to prevent login loops.
The required URLs are:
- Login URL: The URL(s) to redirect to when the SSO flow has been completed successfully.
- Logout URL: The URL(s) to redirect to when the user is logged out.
- Reauthorization URL: The URL(s) to redirect to when a user has completed reauthorization of their credentials for a bank, after they have expired.
Localhost may be used for testing purposes. If you're using an OAuth/OpenID library, the library may provide standard redirect URIs.
If you're building a mobile application that uses deeplinks, please ensure that you use a deeplinking format that enforces that you prove ownership of a domain that you control. This prevents linkjacking attacks.
The following client details are used to customise the Stitch SSO user experience:
- The name of the client that'll appear in the SSO user interface
- A URL that provides users with more information about your service