How to manually create a session and a cookie with proprietary SSO?
I’m working with a big enterprise platform that has a proprietary single sign-on (SSO) process. This platform will post an encrypted payload to an endpoint on my server. I have been given a key to decrypt this payload, and inside this payload is all of the user information like email, name, etc.
Simplified, I receive a trusted POST message to an endpoint with a user's email. How can I check to see if this user exists, manually create a session for this user, and then redirect them back to a URL after this happens?
Simplified, I receive a trusted POST message to an endpoint with a user's email. How can I check to see if this user exists, manually create a session for this user, and then redirect them back to a URL after this happens?
