In this article, I'll explain how to set up Freshdesk SSO login using a JWT token in C#, so that users can access Freshdesk by clicking the support link in our web application. If you have your own identity provider, SSO with JWT is the most suitable method for you.
Freshworks' relevant documentation: https://support.freshworks.com/support/solutions/articles/50000000670
How will it work?
In this article, I want to redirect my customers to https://{subdomain}.freshdesk.com/support/home when they click on the support link in my application (replace {subdomain} with your subdomain).
If the user is not already logged in and SSO with JWT is configured, they will be redirected to our site at whatever URL we have configured. The URL looks like this: https://YourCompanyDomain.com/sso/jwt/login?client_id=a13v13&state=hgdg43567&nonce=1545894408&grant_type=implicit&scope=profile+openid+email
We need to retrieve “state” and “nonce” from the above URL. Using them, we can generate the token and redirect our users to the redirect URL, where they will automatically be signed in. So let's start.
Configure SSO with JWT in Freshdesk
To configure SSO, first log in to Freshdesk and go to Admin > Account > Security. After clicking Security, you will be redirected to the security page, where you can see the option for enabling SSO login. Click on Configure Freshworks SSO.
After clicking Configure Freshworks SSO, click on Contacts, then on Custom Policies, and then on the create new policy button to create a new policy.
Clicking the new policy button takes you to a page where you need to complete 3 steps. In the first step, select at least one account or portal and click the Next button. In the second step, enable the SSO login method.
After enabling the SSO method, you will see the available SSO methods. From those options, click on the JWT option.
After selecting the option, you will get the form for JWT configuration. The form has the following fields.
Redirect URL: After successful authentication, the user will be redirected to this URL.
Authorization URL: We need to configure this authorization URL to instruct Freshworks to redirect the user to our end to complete the authentication flow. Set your endpoint URL here.
RSA Public Key: We need to generate an RSA key pair, set the RSA public key here, and keep the private key ourselves. The private key is what signs the login token, so it stays on our server. You can generate the RSA key from here: https://www.csfieldguide.org.nz/en/interactives/rsa-key-generator/. Select 1024 bits and PKCS#8 (base64) as the parameters to generate the RSA key.
Once you are done with the setup, click on the Configure SSO button. In the 3rd step, you can edit the name of the created policy and set the logo. After that, click on the Finish button.
SSO configuration is done once you have completed all the steps. Now it's time for the code part.
C# Code
Below is the code for SSO login authentication. The function accepts the query string parameters that Freshdesk sends to our portal. Using them and the RSA keys, we generate the JWT token and pass it with the redirect URL we got during the SSO configuration.
I have saved the RSA keys in files and added them to my project, so here I'm fetching them from the files. PemKeyUtils is a class that contains methods to read PEM strings. Download the class file here.
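    // Namespaces needed at the top of the file
    using System;
    using System.Collections.Generic;
    using System.Security.Cryptography;
    using JWT.Algorithms;
    using JWT.Builder;

    public void FreshdeskSSOJwtLogin(string client_id, string state, string nonce, string grant_type, string scope)
    {
        string result;
        try
        {
            // Public key: the same key that was pasted into the Freshworks JWT form
            RSACryptoServiceProvider Publicprovider = PemKeyUtils.GetRSAProviderFromPemFile(Server.MapPath("~/RSAKeys/RSAPublickKey.pem"));
            RSAParameters Publicparam = Publicprovider.ExportParameters(false);
            var publicKey = RSA.Create();
            publicKey.ImportParameters(Publicparam);

            // Private key: signs the token and never leaves our server
            RSACryptoServiceProvider Privateprovider = PemKeyUtils.GetRSAProviderFromPemFile(Server.MapPath("~/RSAKeys/RSAPrivateKey.pem"));
            RSAParameters Privateparam = Privateprovider.ExportParameters(true);
            var privateKey = RSA.Create();
            privateKey.ImportParameters(Privateparam);

            // Fill the placeholder values from the user signed in to your application
            var token = JwtBuilder
                .Create()
                .WithAlgorithm(new RS256Algorithm(publicKey, privateKey))
                .AddClaims(new Dictionary<string, object>
                {
                    { "sub", "user id in your system" },
                    { "email", "email" },
                    { "iat", DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString() },
                    { "nonce", nonce },   // echo the nonce Freshdesk sent
                    { "given_name", "firstname" },
                    { "family_name", "lastname" },
                    { "company", "organization" },
                })
                .Encode();

            // state comes from the query string, so encode it before putting it back into a URL
            result = "https://subdomain.freshworks.com/sp/OIDC/1234567890/implicit?state=" + Uri.EscapeDataString(state) + "&id_token=" + token;
        }
        catch (Exception ex)
        {
            // Do not redirect to an empty URL when token generation fails
            System.Diagnostics.Trace.TraceError("Freshdesk SSO token generation failed: " + ex);
            Response.StatusCode = 500;
            return;
        }
        Response.Redirect(result);
    }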
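To show what the id_token built above contains and what a holder of only the public key can check, here is an added example (not the article's code and not Freshworks' implementation) that signs and verifies an RS256 token with System.Security.Cryptography and System.Text.Json instead of JwtBuilder. IdTokenDemo, the sample claims and the in-process 2048-bit key are assumptions made for the demo.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

static class IdTokenDemo
{
    static string B64Url(byte[] d) =>   // base64url without padding, used by all JWT segments
        Convert.ToBase64String(d).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] FromB64Url(string s) =>
        Convert.FromBase64String(s.Replace('-', '+').Replace('_', '/')
            .PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    // RS256: RSASSA-PKCS1-v1_5 with SHA-256 over "header.payload", made with the private key.
    public static string Sign(RSA privateKey, Dictionary<string, object> claims)
    {
        string head = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"RS256\",\"typ\":\"JWT\"}"));
        string input = head + "." + B64Url(JsonSerializer.SerializeToUtf8Bytes(claims));
        byte[] sig = privateKey.SignData(Encoding.ASCII.GetBytes(input),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return input + "." + B64Url(sig);
    }
    // What a holder of only the public key can check: the signature first, then the nonce.
    public static bool Verify(RSA publicKey, string token, string expectedNonce)
    {
        string[] p = token.Split('.');
        if (p.Length != 3) return false;
        try
        {
            if (!publicKey.VerifyData(Encoding.ASCII.GetBytes(p[0] + "." + p[1]),
                    FromB64Url(p[2]), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
                return false;
            using JsonDocument doc = JsonDocument.Parse(FromB64Url(p[1]));
            return doc.RootElement.TryGetProperty("nonce", out JsonElement n)
                && n.ValueKind == JsonValueKind.String && n.GetString() == expectedNonce;
        }
        catch (Exception e) when (e is FormatException || e is JsonException) { return false; }
    }
    static void Main()
    {
        using RSA key = RSA.Create(2048);   // throwaway demo key, not the article's PEM files
        using RSA pub = RSA.Create(key.ExportParameters(false));   // public half only
        string token = Sign(key, new Dictionary<string, object> {   // constructed sample claims
            { "sub", "user-42" }, { "email", "user@example.com" }, { "nonce", "1545894408" } });
        string[] p = token.Split('.');   // swap the payload but keep the old signature
        string forged = p[0] + "." + B64Url(Encoding.UTF8.GetBytes("{\"nonce\":\"1545894408\"}")) + "." + p[2];
        Console.WriteLine($"genuine={Verify(pub, token, "1545894408")} " +
            $"wrongNonce={Verify(pub, token, "0000000000")} forged={Verify(pub, forged, "1545894408")}");
    }
}
```

Only the unmodified token with the nonce from the current login request passes; a token with an edited payload or a nonce from a different request is rejected.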