Authenticating via iframe based Single Sign On, in NodeJS?


I am wanting to embed the UI into an existing website, which already has its own authentication. Through login of the main site they would automatically be linked to a rocket chat session. I have read the documentation on ‘iframe based Single Sign On’, but I am trying to work out the right way to get the auth token from

Here is the NodeJS code I have, which leverages the API package:

    async getRocketChatToken (user: IAccount) {
        let token;
        let password;
        let username;
        let rocketChatUser;

        let response;

        try {
            let response = await{ username: user.username });
            if (response.success && response.user) {
                rocketChatUser = response.user;
        } catch (error) {

        if (!rocketChatUser) {

            // Create user
            const userToAdd = {
                name: user.realName,
                username: user.username,
                password:  this.fixedPassword,
                sendWelcomeEmail: false,
                joinDefaultChannels: false,
                verified: false,
                requirePasswordChange: false,
                roles: ['user']

            response = this.rocketChatClient.users.create(userToAdd);

            if (response.success && response.user) {
                rocketChatUser = response.user;

        if (rocketChatUser) {
            // TODO update avatar
            const client = this.createClient();
            response = await client.login(rocketChatUser.username, this.fixedPassword);
            if (response) {
                token = response.authToken;

        return token;

In this approach we are assigning the same password to all the accounts we create, so that we can login on behalf of the user. Is this correct approach? If not can someone clarify how I should go about things?

Lastly, should the account creating new users have admin privileges?

Server Setup Information

  • Version of Rocket.Chat Server: 3.9.1
  • Operating System: Ubuntu 18
  • Deployment Method: manual / tar
  • Number of Running Instances: 1
  • DB Replicaset Oplog:
  • NodeJS Version: v12.18.4
  • MongoDB Version: v4.0.21
  • Proxy: none
  • Firewalls involved: -

Any additional Information

1 Like