Single Sign-On in Legacy Packages

The ability to create legacy packages was deprecated in August 2019. All new packages are enhanced packages.

Marketing Cloud Engagement provides the authentication context of the logged-in user and account using a JSON Web Token (JWT). The single sign-on (SSO) flow uses a JWT-based version of the IDP-Initiated Form Post SAML 2.0 flow. JWT transfers claims between two parties using JavaScript Object Notation (JSON) that is Base64URL encoded and signed using the HMAC SHA-256 algorithm.

When your application is called, Marketing Cloud Engagement posts the encoded JWT to the login endpoint defined in the installed package. The JWT lets your application know which account and user is calling the API.

Marketing Cloud Engagement posting encoded JWT to your app.

The following libraries provide support for generating a JWT (JSON Web Token):

Ruby: ruby-jwt (by progrium)
Python: pyjwt (by progrium)
Java: jsontoken
node.js: node-jwt-simple (by hokacca)
PHP: jwt (by luciferous)
.NET: jwt (by johnsheehan)

If none of these libraries suits your needs, create your own. Details of the JWT format are in the draft JWT specification.