Skip to content
Vuukle Docs

SSO overview

Single Sign-On (SSO) lets logged-in users on your site comment without ever seeing the Vuukle login modal. Their identity flows from your auth system into Vuukle via a signed token.

How it works

  1. Your backend generates a signed token using the user’s email, your secret API key, and SHA-512 + Base64 encoding. The token includes username, email, public key, and a signature.
  2. Your page includes the token in the Vuukle bootstrap script — the comment widget reads it and the user is authenticated.

Generate a token

The token is a Base64-encoded JSON object with four fields: username, email, public_key, and a SHA-512 signature.

Example signature input:

mous@email.com-07115720-6848-11e5-9bc9-002590f371ee

SHA-512 output (uppercase hex):

0C9C314E36B781786DA65F2CF7E30C7352655273786831314A9394A29277CEB59DB3005203A42F2DEA8A15A44630243E5B4F10C19AB0C7D703AC29D6C78A0180

Wrapped into a JSON object:

{
  "username": "Sample User Name",
  "email": "mous@email.com",
  "public_key": "ead41e46-a5fd-11e2-bc97-bc764e0492cc",
  "signature": "0C9C314E36B781786DA65F2CF7E30C7352655273786831314A9394A29277CEB59DB3005203A42F2DEA8A15A44630243E5B4F10C19AB0C7D703AC29D6C78A0180"
}

Base64-encode (UTF-8) to get your SSO token:

ewogICAgInVzZXJuYW1lIjogIlNhbXBsZSBVc2VyIE5hbWUiLAogICAgImVtYWlsIjogIm1vdXNAZW1haWwuY29tIiwKICAgICJwdWJsaWNfa2V5IjogImVhZDQxZTQ2LWE1ZmQtMTFlMi1iYzk3LWJjNzY0ZTA0OTJjYyIsCiAgICAic2lnbmF0dXJlIjogIjBDOUMzMTRFMzZCNzgxNzg2REE2NUYyQ0Y3RTMwQzczNTI2NTUyNzM3ODY4MzEzMTRBOTM5NEEyOTI3N0NFQjU5REIzMDA1MjAzQTQyRjJERUE4QTE1QTQ0NjMwMjQzRTVCNEYxMEMxOUFCMEM3RDcwM0FDMjlENkM3OEEwMTgwIgp9

A full code-sample (Node/Python/PHP) is on the SSO token reference page.

Use the token on the page

<script>
  var VUUKLE_CONFIG = {
    apiKey: 'YOUR_PUBLIC_API_KEY',
    articleId: 'post-12345',
    comments: {
      auth: {
        sso: { onClick: openYourLoginModal },
      },
    },
  };
  (function () {
    var d = document, s = d.createElement('script');
    s.onload = function () {
      vuukleLogin('YOUR_BASE64_SSO_TOKEN_HERE');
    };
    s.src = 'https://cdn.vuukle.com/platform.js';
    (d.head || d.body).appendChild(s);
  })();
</script>

Replace openYourLoginModal with your own function that opens your auth UI for users who aren’t yet logged in.

Force SSO-only logins

To remove Vuukle and social login buttons and only use SSO:

  1. Dashboard → Site Settings → Comment Widget → Login Settings → Set login method to SSO only.
  2. Or via JS: set every comments.auth.* to false except sso.

Logging out

Vuukle exposes a global vuukleLogout() function. Call it after your own logout completes:

window.vuukleLogout && window.vuukleLogout();
Was this page helpful?
Help us improve — drop a note or open the dashboard.
Email support Open dashboard ↗ Suggest an edit ↗