Hybrid SSO Provider Integration

In addition to the authentication methods provided by Crowdin, you can use the Single Sign-On (SSO) feature to instantly authenticate your users with their existing usernames.

This feature is available in organization plans only.

Crowdin hybrid SSO is a faster way to create a translator account than classic SSO such as OAuth or SAML.

The entire streamlined process works as follows:

  1. Enable SSO in your account and copy your account API key.
  2. Create a special URL in your system that directs the translator to Crowdin. This URL will contain the translator’s authentication information, as well as the API key you obtained earlier, as URL parameters encrypted with AES.
  3. Crowdin uses these parameters to create an account for the translator and redirects to the desired page. For example, translators can be redirected immediately to the translation editor to begin working.
  4. The translator receives an email with instructions on how to activate the account and must agree to Crowdin’s Terms of Service and Privacy Policy.

Note: Before referring a user to Crowdin, please include a warning that you are sending the translator’s encrypted personal information to the outside party.

If you pass a login name or email to the SSO URL that is already taken at Crowdin, the user will be asked to correct the registration data.

Enabling Single Sign-On (SSO)

To enable SSO for your projects, go to your profile settings, click API & SSO, turn on the Enable Single Sign-On option, and specify a valid provider name.

SSO URL Parameters

Below is the list of parameters you can pass to Crowdin for automatic registration. In this step, you will need to pack the data as a JSON object before encryption (see the sample integrations in popular programming languages below).

| Parameter | Type | Required | Default | Example | Notes |
|---|---|---|---|---|---|
| user_id | string | yes | | 12345678901 | A unique identifier for the user (e.g. the user_id in your system). |
| login | string | yes | | johndoe | Crowdin login name. Should match the pattern [a-z,0-9] |
| user_email | string | yes | | john.doe@mail.com | Valid email address |
| expiration | number | yes | +20 mins from current UTC time | 1406124776 | Valid Unix timestamp |
| display_name | string | | | John Doe | Pseudo or real name |
| locale | string | | en_US | de_DE | Locale code |
| projects | string | | | docx-project,csv-project | A comma-separated list of Crowdin project identifiers that the translator should initially have access to |
| gender | number | | 0 | 1 \| 2 | 1 => male, 2 => female |
| role | number | | 0 | 0 \| 1 | User role in joined projects. 0 => translator, 1 => proofreader |
| languages | string | | | ro,uk,fr | Comma-separated list of Crowdin language codes the user should have access to. Used for projects with moderate language access policy |
| redirect_to | string | | https://crowdin.com/profile | https://crowdin.com/project/your-project-url | The Crowdin URL where the translator should land after registration |
| return_crowdin_login | number | | | 0 \| 1 | Return GET parameter crowdin_login (works in combination with redirect_to parameter) |

The output JSON object should look like the following:

{
  "user_id":"12345678901",
  "login":"johndoe",
  "user_email":"john.doe@mail.com",
  "display_name":"John Doe",
  "locale":"de-DE",
  "gender":1,
  "projects":"docx-project,csv-project",
  "expiration":1406124776,
  "role":0,
  "redirect_to":"https:\/\/crowdin.com\/project\/docx-project"
}

Encrypting the Information

The JSON created in the previous step must be encrypted using AES-128-CBC. The first 16 characters of your Crowdin account API key are the cryptographic key, and the last 16 characters are the initialization vector. The encrypted text must then be Base64-encoded.

The SSO URL should use the following pattern:

https://crowdin.com/join?h={ENCRYPTED_STRING}&uid={CROWDIN_USER_LOGIN}

Where:

{ENCRYPTED_STRING} is the Base64 text you created in the previous step.

{CROWDIN_USER_LOGIN} is the login name of your Crowdin account. Note: this must be the same account you used to create the projects you want the translator to have access to.

Sample Integrations

We’ve created code snippets for most major programming languages. Remember to replace CROWDIN_USER_LOGIN and CROWDIN_USER_API_KEY with your personal authentication information.
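The steps above (JSON, AES-128-CBC with key and IV taken from the API key, Base64, URL) as an added Node.js example; it is not one of Crowdin's own snippets. The function names, the sample API key and the sample user are constructed for illustration, and PKCS#7 padding and percent-encoding of the `h` value are assumptions the page does not spell out.

```javascript
const crypto = require('node:crypto');

// Per the page: first 16 characters of the API key = AES key, last 16 = IV.
function deriveKeyIv(apiKey) {
  const key = Buffer.from(String(apiKey).slice(0, 16), 'utf8');
  const iv = Buffer.from(String(apiKey).slice(-16), 'utf8');
  if (key.length !== 16 || iv.length !== 16) {
    throw new Error('API key must supply 16 bytes each for key and IV');
  }
  return { key, iv };
}

// JSON -> AES-128-CBC -> Base64. Node pads with PKCS#7 by default (assumed here).
function encryptPayload(payload, apiKey) {
  const { key, iv } = deriveKeyIv(apiKey);
  const cipher = crypto.createCipheriv('aes-128-cbc', key, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(payload), 'utf8'), cipher.final()]);
  return ct.toString('base64');
}

// Hypothetical helper: builds the join URL in the pattern shown on the page.
function buildSsoUrl(user, apiKey, ownerLogin, nowMs = Date.now()) {
  for (const field of ['user_id', 'login', 'user_email']) {
    if (!user[field]) throw new Error(`missing required parameter: ${field}`);
  }
  // Key and IV are fixed per account, so keep the link short-lived:
  // 20 minutes from current UTC time, the default listed in the table.
  const payload = { ...user, expiration: Math.floor(nowMs / 1000) + 20 * 60 };
  // Base64 output can contain '+', '/' and '=', so percent-encode it for the query string.
  const h = encodeURIComponent(encryptPayload(payload, apiKey));
  return `https://crowdin.com/join?h=${h}&uid=${encodeURIComponent(ownerLogin)}`;
}

// Constructed sample values, not real credentials.
const SAMPLE_API_KEY = '0123456789abcdef0123456789abcdef';
const SAMPLE_USER = {
  user_id: '12345678901',
  login: 'johndoe',
  user_email: 'john.doe@mail.com',
  display_name: 'John Doe',
  projects: 'docx-project,csv-project',
  role: 0,
};

console.log(buildSsoUrl(SAMPLE_USER, SAMPLE_API_KEY, 'CROWDIN_USER_LOGIN'));
```

Build the URL on the server only, so the API key never reaches the browser.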