Sharethis
MRs related to Sharethis
https://gitlab.com/powr/powr/-/merge_requests?scope=all&state=merged&search=sharethis
JWT encoding step
Sharethis encodes the JWT on their side using the following logic:
require 'jwt'

# secret: the HS256 key shared between Sharethis and POWR (not shown on this page)
data = {
  first_name: '',
  last_name: '',
  email: 'testmail@gmail.com',
  component_id: 'abcd1234',
  powr_app_id: '123'
}
jwt_value = JWT.encode(data, secret, "HS256")
This produces a JWT token, in this case:
eyJhbGciOiJIUzI1NiJ9.eyJmaXJzdF9uYW1lIjoiIiwibGFzdF9uYW1lIjoiIiwiZW1haWwiOiJ0ZXN0bWFpbEBnbWFpbC5jb20iLCJjb21wb25lbnRfaWQiOiJhYmNkMTIzNCIsInBvd3JfYXBwX2lkIjoiMTIzIn0.bpveymO1k6U0c4Aww2BH1Dv5AVQX0pC_yQs5NfK8668
Note: a JWT token can be decoded on the site https://jwt.io/
JWT decoding step
jwt = "eyJhbGciOiJIUzI1NiJ9.eyJmaXJzdF9uYW1lIjoiIiwibGFzdF9uYW1lIjoiIiwiZW1haWwiOiJ0ZXN0bWFpbEBnbWFpbC5jb20iLCJjb21wb25lbnRfaWQiOiJhYmNkMTIzNCIsInBvd3JfYXBwX2lkIjoiMTIzIn0.bpveymO1k6U0c4Aww2BH1Dv5AVQX0pC_yQs5NfK8668"
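# The third positional argument of JWT.decode is the verify flag, not the algorithm.
# Pass verify = true and pin the accepted algorithm in the options hash.
decoded = JWT.decode(jwt, secret, true, { algorithm: "HS256" })
puts decoded.inspect # [{"first_name"=>"", "last_name"=>"", "email"=>"testmail@gmail.com", "component_id"=>"abcd1234", "powr_app_id"=>"123"}, {"alg"=>"HS256"}]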
Creating POWR app in Sharethis
After navigating to https://sharethis.com/onboarding/ and selecting one of the POWR plugins, an iframe with the app loads below.
The iframe loads the POWR standalone URL with these params appended:
- platform=sharethis&redirect=true
These params are used to determine whether this is the onboarding page.
When the user clicks the “Save” button, the page is redirected to the Sharethis sign-up page, with the URL containing the POWR app ID from the previous step (powr_app_id=30015379 in this case).
The user signs up and on the next page clicks “Continue to dashboard”.
Domain input is required to show the POWR plugin.
Next, the POWR app standalone page is loaded in an iframe with 2 params in the URL:
- platform=sharethis
- jwt=[ENCODED_JWT_TOKEN]
Decoding the above JWT param will show:
- email - Sharethis user email
- component_id - unique id of the Sharethis page for each (email, domain) pair, i.e. each combination of email and domain has its own “component_id”
- powr_app_id - (available only if the user navigates from the Sharethis onboarding page).
Then, after clicking “Save”, the embed code will appear.
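One way the receiving side can validate the jwt param before trusting those claims (an added example, not POWR's or Sharethis's own code). It uses the Ruby standard library in place of the jwt gem; the names read_sharethis_jwt, sign_hs256, JwtParamError and DEMO_SECRET, and all sample values, are assumptions constructed for this example.

```ruby
require 'openssl'
require 'json'

DEMO_SECRET = 'constructed-demo-secret' # constructed; the real shared secret is not on this page
class JwtParamError < StandardError; end

def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  str.tr('-_', '+/').ljust((str.length + 3) / 4 * 4, '=').unpack1('m0')
end

# Constant-time comparison so timing does not reveal how much of the signature matched.
def secure_eq?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical stand-in for the Sharethis side, used only to build sample tokens.
def sign_hs256(payload, secret, header = { 'alg' => 'HS256' })
  input = [header, payload].map { |part| b64url_encode(JSON.generate(part)) }.join('.')
  "#{input}.#{b64url_encode(OpenSSL::HMAC.digest('SHA256', secret, input))}"
end

# Hypothetical receiving-side check for the jwt= URL param.
def read_sharethis_jwt(token, secret)
  parts = token.to_s.split('.')
  raise JwtParamError, 'malformed token' unless parts.length == 3
  head, body, sig = parts
  header = JSON.parse(b64url_decode(head))
  # Pin the algorithm; the token header must not choose how it is verified.
  raise JwtParamError, 'unexpected alg' unless header.is_a?(Hash) && header['alg'] == 'HS256'
  expected = OpenSSL::HMAC.digest('SHA256', secret, "#{head}.#{body}")
  raise JwtParamError, 'bad signature' unless secure_eq?(expected, b64url_decode(sig))
  claims = JSON.parse(b64url_decode(body))
  raise JwtParamError, 'payload is not an object' unless claims.is_a?(Hash)
  %w[email component_id].each do |key|
    raise JwtParamError, "missing #{key}" unless claims[key].is_a?(String) && !claims[key].empty?
  end
  # powr_app_id is present only when the user arrived from the onboarding page.
  claims.slice('email', 'component_id', 'powr_app_id')
rescue JSON::ParserError, ArgumentError
  raise JwtParamError, 'undecodable token'
end
```
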
Edge case: existing POWR user
As a security measure, if a user tries to log in or sign up to Sharethis with an email that is already present in POWR and navigates to the dashboard page, a confirmation message is sent to that email before the user is allowed to proceed with editing the POWR app.
The user receives a confirmation email.
After the user clicks the verification button in the email, an item is created in the DB table “email_platform_verifications” and the page redirects to https://platform.sharethis.com/powr-social-feed with verified access.