SSO Integration
SSO SSO is the second integration tier. It builds on the Embed integration by adding user identification — connecting your existing user accounts to the FanFest platform.What SSO Enables
Without SSO, FanFest works as an anonymous widget. Users can watch shows, participate in contests, and interact with content, but their engagement is not tied to an identity.
With SSO, you unlock:
- Persistent user identification — users are recognized across sessions and devices
- Cross-platform reward attribution — engagement points and loyalty actions are linked to real user accounts
- Silent authentication — users who are logged in to your site are automatically authenticated in FanFest, with no extra login step
hostLoginFncallback — prompt unauthenticated users to log in when they try to claim rewardshostRewardsFncallback — deep-link users to a rewards page on your site from within the FanFest embed
When You Need SSO vs Embed-Only
| Scenario | Embed Only | SSO |
|---|---|---|
| Display FanFest shows and contests | Yes | Yes |
| Anonymous fan engagement | Yes | Yes |
| Track individual user engagement | No | Yes |
| Attribute loyalty points to users | No | Yes |
| Recognize users across sessions | No | Yes |
| Trigger host-site login from FanFest | No | Yes |
| Deep-link to host-site rewards page | No | Yes |
| Sync data to external loyalty systems | No | Yes (with Full Backend tier) |
Start with Embed if you just want to add fan engagement content to your site. Add SSO when you need to know who is engaging and want to reward them for it.
How It Works: OIDC Silent Authentication
FanFest uses the OpenID Connect (OIDC) silent authentication flow to authenticate users without disrupting their experience. Here is how the flow works at a high level:
- Your site notifies the SDK — When a user logs in to your site, you call
FanFestSDK.login(). - The SDK initiates silent auth — It sends a request to the FanFest API, which returns an authorization URL.
- A hidden iframe handles the OIDC flow — The SDK creates an invisible iframe that navigates to your identity provider's authorization endpoint with the code from the initiation step.
- The identity provider responds — On success, the iframe sends the authorization code and state back to the SDK via the
postMessageAPI. - The SDK validates the authentication — It sends the code and state to the FanFest API for validation.
- The user is identified — The SDK stores the authenticated user data (ID, email, username) in
localStoragefor persistence across page loads.
The entire flow happens in the background with no visible UI — users see no redirects, popups, or loading spinners.
Prerequisites
Before setting up SSO, you need:
- A working FanFest embed — Complete the Quickstart first
- An OIDC-compliant identity provider (Auth0, Okta, Keycloak, Azure AD, or any OIDC provider)
- A deployed website with HTTPS — Silent auth requires secure origins
- FanFest channel admin access — To configure SSO in the dashboard
Next Steps
Ready to set up SSO? Follow the step-by-step setup guide to configure your identity provider and the FanFest dashboard.
| Guide | What You'll Learn |
|---|---|
| SSO Setup | Step-by-step OIDC configuration with screenshots |
| User Identification | How user tracking works, what data is synced, privacy considerations |
| Auth0 Example | Complete Auth0 walkthrough with working code |