If you want to use SSO, simply redirect the user to AppTracker with a query parameter "sso_token". We make a POST call to your "verify token" url, with the body { token: "the-sso-token" }, if this endpoint returns an object with the property "email" the user will be logged in with that email.