How can my app (an iframe loaded by salesforce) confirm that the user is logged in to salesforce?

Question

We're building a salesforce app, and I need to auth against a user's SF user (so they don't have to log in to SF, then also log into our system).

So I from our app, I want to bounce off of SF and: 1) confirm that the user is logged in to salesforce. 2) get (or confirm, if I provide it) some kind of tenant id, so I can confirm that they are logged in to the tenant they are self-reporting to me.

Does SF have docs on this flow somewhere?

Thanks!

Answer 1

When putting your iframe in Salesforce you can add the current SessionId and ServerURL in the query string parameters. You can then use the PartnerAPI with these

credentials to call back to Salesforce and verify the user's details. 

There are some very basic details on doing this in Implementing Salesforce Integrations on Force.com