Classic Login

Integrate cidaas login in your application

In this section, you will find the flow of integrating cidaas login functionality in your application.

Once you signup with cidaas, you can create apps for your customers in the cidaas admin portal. cidaas allows you to develop your own UI and implement cidaas login functionality for your apps.

If you are in this section, we assume you already created an application in your cidaas account and want to integrate cidaas login functionality in that application.

If you don’t have any active application in your cidaas account, Refer Steps to create cidaas app in the later sections of this tutorial.

Overall process would be

  • Generate RequestID
  • Call Login API
  • Validations and Verifications
  • Access token issuance

The flow will be illustrated as shown below,

Here, numbering is used to notify the index of the API calls listed below,

  1. RequestId Generation API
  2. cidaas Login API
  3. Initiate Verification API
  4. Verify user code API
  5. Missing fields API
  6. Progressive Registration Process
  7. Check MFA API
  8. Authenticate MFA API
  9. Intiate Consent Mangement API
  10. Acceptance of consent management process
  11. Change password API

You will find the elaborate usage of these API's in the later sections of this tutorial.

We will guide you through the process — it's pretty easy!

Generate RequestID

RequestID is a unique id generated by cidaas which is used to track the user's pre-login status. You can use the generated requestID throughout the session to call other API's.

1. RequestID Generation API

In this section, we are explaining the steps to create RequestID using RequestId Generation API of cidaas.

You need to call RequestId Generation API before loading your login page. You need to send your client id, redirect_uri , scope and response_type in the api request.

To know more about how to get client id, client secret and required app details from cidaas, Refer to Steps to get cidaas app details section of this tutorial.

Call Login API

Once requestID gets generated, you need to call the Login API provided by cidaas, during onClick of login button on your login page.

2. cidaas Login API

In this section, you'll find steps on how to call Login API provided by cidaas.

You need to call Login API, with the username and password entered by the user in the login form.

Login API:
{{baseurl}}/login-srv/login
API Method  : POST
Request Body :
    {
    "username":"username from login form",
    "password":"password from login form",
    "requestID" : ****************************
}

If all the properties you sent are valid, then you'll get "Success" in the response.

Success Response:

  • code: 200

Validations and verifications

Once you got success code in the response of login API, then cidaas will continue for the token generation.

This pre-access-token generation involves several validations such as:

  • Account verification check
  • Missing fields check
  • Consent management check
  • MFA enabled check
  • Change password on first login check

Account verification check

Login API will check whether your user account is verified or not.

If your account is already verified, then Login API directly moves to next verification.

If your email / mobile number does not get verified, then you need to verify them before proceeding to login. You can verify your account either by link flow or by code flow.

Link flow - Verification link will be sent to the user via email. Once user clicks on that link verfication process starts.

Code flow - Verification link along with verification code will be sent to the user via email. Once user clicks on that link, they will be redirected to the page to enter verification code. If the code entered is valid then only the verfication process will start.

3. Initiate Verification API

Now, you need to call the Initiate Verification API, to initiate your account verification process by email or phone-number.

Initiate Verification API :
{{baseurl}}/verification-srv/account/initiate
API METHOD : POST
Request Body:
{
    "requestId":"***********************************",
    "email":"enter_your_email_id",
    "verificationMedium":"email",
    "processingType":"CODE"
}

Note: If you want to verify with link flow then send "processingType" as "LINK".

If all the properties you sent are valid, then you'll get "Success" in the response and the verification link and verification code(in case of code flow) will be sent to the user's email.

Success Response:

  • success: true
  • status: 200
  • data:
    • accvid: ********************************
    • email: your email address

4. User Code Verification API

Now, you need to call User code verification API to verify your account by validating the link/code you get in the response of Initiate Verification API to complete your verification process.

Verify user code API :
{{baseurl}}/verification-srv/account/verify
API METHOD : POST
Request Body:
{
    "accvid":"********************************",
    "code":"910176" //Enter code sent to your email/mobile
}

Success Response:

  • success: true
  • status: 200
  • data:
    • suggested_action: "LOGIN"
    • trackId: 98d73327-c992-4164-8a08-3b09f4896b40

Missing fields check

cidaas needs some fields as mandatory to proceed login process, if values for those fields are not present in your user account and you tries to login, then cidaas will show progressive registeration screen to add those mandatory fields.

If your acccount have all valid fields, then Login API directly moves to next verification.

5. Missing fields API

Now, you need to call the Missing fields API, to proceeds progressive registration to get all mandatory fields.

Missing  fields API :
{{baseurl}}/token-srv/prelogin/metadata/:track_id
API METHOD : GET
path param : track_id

Success Response:

  • success: true
  • status: 200

6. Progressive Registration Process

If the response from Missing fields API returns true, then cidaas will show progressive registeration screen to add those mandatory fields. To know more about Progressive registeration process, refer here

MFA enabled check

If your account is enabled for Multi factor authentication or your app having MFA enabled by default, then Login API will check for the successful Multi factor authentication.

If you are not enabled for any MFA configuration, then Login API directly moves to next verification.

7. Check MFA API

Now, you needs to call the MFA API, to perform multi factor authentaion process.

MFA process involves,

  • Get list of all MFA methods configured to your account.
  • Select an MFA method as per your wish.
  • Intitiate authentication
  • Perform Authentication.

To know more about,

  • Get MFA list API, refer here

8. Authenticate MFA API

Once you get the list of configured methods choose any of it and start verification process by using the following API's

  • Initiate authentication API, to know more refer here
  • Authenticate API, to know more refer here

If you enabled the option to show consent at the time of registration, then Login API will check for the acceptance of that consent.

If you are not enabled for any consent or you already accepted your consent then Login API directly moves to next verification.

In case your account is enabled for some consent and you didn't accepted it, then you need to accept it before proceeding to login.

9. Consent Management API

For that, you need to call the Consent Management API, to show consent screen where you can accept it.

Consent Management API :
{baseurl}/consent-management-srv/v2/consent/usage/public/info
API METHOD : POST
Request Body :
{
 "consent_id": "**********************",
 "consent_version_id": "**********************",
 "sub": "**********************"
}

Success Response:

  • success: true
  • status: 200
  • data:
    • consent_id: "**************************"
    • consent_version_id: "**************************"
    • content: "content of your consent"
    • consent_name: "name of your consent"
    • sub: "**************************"

10. Acceptance of consent management process

If the Consent Management API returns true, then you will be redirected to the consent screen where you need to accept the consent that displays to proceeds login.

The user must needs to accept the consent to proceeds login. To know more about Consent management in cidaas, refer here

Change password on first login check

Once you successfully signup with cidaas, you will receive a system generated password from cidaas admin. You need to login to your account with that password and must reset your password before next login.

So, when you call Login API, it will check whether you have performed reset password or not. If you already sets a new valid password then Login API will proceeds directly to next step of token generation.

11. Change password API

If you didn't reset your password, then you need to call Change password API to reset your password.

Reset Password API :
{{baseur}l}/login-srv/precheck/continue/{{lsid}}
API METHOD : POST
Request Body :
{
  "old_password": "**********************",
  "new_password": "**********************",
  "confirm_password": "**********************",
  "loginSettingsId": "**********************"
}


Access token generation

Now, we are done with all the validations.

If all conditions are valid, then Login API will generate access_token and other attributes then it will redirects to your redirect_uri which means your login is successsful.

Note : If you want to know more about API's we discussed, refer to the API Details section of this tutorial

Steps to create cidaas app

In order to get client ID and Client Secret, you need to cretae an "App" in cidaas. This section provides steps to create "App" using cidaas administration interface, which is available after you sign up with cidaas.

1. Navigate to cidaas Administrator dashboard -> Apps -> App Settings.

2. Click on Create New App button.

3. Enter app name and then select App type as per your requirement.

4. Under App Settings, select 'email', 'openid', 'profile' as Scopes.

5. Fill out all required information and click on Save button.

Steps to get cidaas app details

Once you created an app in cidaas, unique client id and client secret will be generated for your application.

To get those details, follow the below steps,

1. In the edit mode of your cidaas application, you can see the generated client id and client secret. To enter edit mode, Navigate to cidaas Admin dashboard -> Apps -> App Settings -> Click on the edit icon corresponding to your application.

2. You can get the client id and client secret under App Settings.

Make note of this client id and client secret.


API Details

1. RequestId Generation

https://documenter.getpostman.com/view/12989937/TVRhaUHb?version=latest#c5edf706-07fe-4b8e-9d73-add294e1c8cf

2. Login

https://documenter.getpostman.com/view/12989937/TVRhaUHb?version=latest#bc47f026-050f-4ab5-ad94-32b2eefce0a5

3. Account Verification

https://documenter.getpostman.com/view/12989937/TVRhaUHb?version=latest#e83162f6-e5b5-42f1-8ea9-af934e5e55fc

https://documenter.getpostman.com/view/12989937/TVRhaUHb?version=latest#22ff6656-a329-4aed-bc6b-988d10956147

4. Checks for Login

curl '{{baseurl}}/login-srv/login/handle/afterregister/{{track_id}}' --compressed

5. Missing Fields during Registration

https://documenter.getpostman.com/view/12989937/TVRhaUHb?version=latest#8ff83f69-1a5c-4628-98ff-d81be8cfac68

6. Checks for Login

curl '{{baseurl}}/login-srv/precheck/continue/{{track_id}}' --data 'trackId=aab8b099-ce12-4ecf-bf27-39eeb5c63fbd' --compressed

7. Always ask MFA

https://documenter.getpostman.com/view/12989937/TVRhaUHb?version=latest#ac602014-7bed-4ffb-b83b-7993a303561b

https://documenter.getpostman.com/view/12989937/TVRhaUHb?version=latest#0bd49b54-44a6-4068-b7e6-8a9707da08ec

https://documenter.getpostman.com/view/12989937/TVRhaUHb?version=latest#2d3ee2b7-9106-47ff-a9c0-834b0d94d47d

8. Checks for Login

curl '{{baseurl}}/login-srv/precheck/continue/{{track_id}}' --data 'status_id=eb0838a9-631c-44e0-90c7-22df274700df&sub=ead78af2-fc8d-4764-96ae-c999159d98f5&requestId=f67474d1-5116-4548-b752-6269ec1ec840&verificationType=EMAIL' --compressed

9. Consent Management

https://documenter.getpostman.com/view/12989937/TVRhaUHb?version=latest#cb045c31-88f0-4248-84f5-970d1d19530e

https://documenter.getpostman.com/view/12989937/TVRhaUHb?version=latest#f38f70d6-7937-4924-97ca-aa1da88107a6

10. Checks for Login

curl '{{baseurl}}/login-srv/precheck/continue/{{track_id}}' --data 'version=af2d071f-7ea9-4229-9db1-d0cafb950bfc&sub=3b164a51-8cd5-4787-a63e-15b4ed23dbce&client_id=4d5e6e20-9347-4255-9790-5b7196843103&name=' --compressed

11. Change password on First time login

curl '{{baseurl}}/login-srv/precheck/continue/{{lsid}}' --data 'old_password=123456&new_password=12345678&confirm_password=12345678&loginSettingsId=2f8b73be-b409-423d-b038-5637bfca0c90' --compressed



results matching ""

    No results matching ""