Social Login

Integrate social login in cidaas

In this section, you will find how to enhance the login experience of your application by allowing login with popular social providers such as Google, Facebook, LinkedIn and many more.

Once you sign up with cidaas, you can create apps for your customers in the cidaas admin portal. cidaas allows you to develop your own UI and enhance the login functionality of your apps. cidaas lets you integrate a number of social providers (that use the OAuth2 protocol) to enable seamless registration and login for your customers.

If you are in this section, we assume you already created an application in your cidaas account and want to integrate social login functionality in that application.

If you don't have any active application in your cidaas account, refer to the Steps to create cidaas app section later in this tutorial.

The overall process is:

  • Generate RequestID
  • Get all social providers available
  • Call Social login API
  • Validations and Verifications
  • Access token issuance

The flow is illustrated below.

The numbering indicates the index of the API calls listed below:

  1. RequestId Generation API
  2. Get all configured social providers API
  3. Social Login API
  4. Initiate Verification API
  5. Verify user code API
  6. Missing fields API
  7. Progressive Registration Process
  8. Initiate MFA API
  9. Authenticate MFA API
  10. Initiate Consent Management API
  11. Acceptance of consent management process
  12. Change password API

You will find the detailed usage of these APIs in the later sections of this tutorial.

We will guide you through the process — it's pretty easy!

Generate RequestID

RequestID is a unique id generated by cidaas which is used to track the user's pre-login status. You can use the generated requestID throughout the session to call other APIs.

1. RequestID Generation API

In this section, we explain the steps to create a RequestID using the RequestId Generation API of cidaas.

You need to call the RequestId Generation API before loading your login page. You need to send your client id, redirect_uri, scope and response_type in the API request.

To know more about how to get the client id, client secret and required app details from cidaas, refer to the Steps to get cidaas app details section of this tutorial.

Get all social providers available

In this section, you'll find steps to get a list of all social providers enabled for your application using Get all configured social providers API.

If no providers are enabled for your application, follow the Configure social provider for your application section of this tutorial to enable the required social providers.

2. Get all configured social providers API

You need to call the Get all configured social providers API once the requestID is generated. Send your recently generated requestID as a 'path param' in the API request.

The listed providers will appear in the login screen of your application.

Call Social Login API

Now, you need to call the Social Login API provided by cidaas in the onClick handler of each social provider button on your login page. The call redirects to the corresponding provider's login screen.

3. Social Login API

In this section, you'll find steps on how to call the Social Login API provided by cidaas.

1. You need to call the Social Login API, specifying the provider and requestId as 'path params'. You can also specify, as a 'query param', the port to return to in case an error occurs during third-party redirection or authentication.

E.g., consider that the Facebook provider is enabled for your application. Then your login with Facebook API call will look like the one below:

{{baseurl}}/login-srv/social/login/facebook/*****************************?return_to=http://localhost:8080
GET API  : {{baseurl}}/login-srv/social/login
provider : facebook
requestID : ****************************
return url : http://localhost:8080

2. If all the properties you sent are valid, then you'll get "Success" in the response.

Success Response:

  • code: 200
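
The following is an added example, not cidaas code, of building the Social Login URL inside a provider button's onClick handler. The function name `buildSocialLoginUrl` and the options `enabledProviders` and `allowedReturnOrigins` are hypothetical; the example encodes both path params and refuses a provider that is not in the configured list or a return_to whose origin your application does not expect.

```javascript
// Added example, not cidaas SDK code. The function and option names are hypothetical.
// Builds: {{baseurl}}/login-srv/social/login/<provider>/<requestId>?return_to=<url>
function buildSocialLoginUrl(opts) {
  const { baseUrl, provider, requestId, returnTo,
          enabledProviders, allowedReturnOrigins } = opts;

  // Accept only providers returned by "Get all configured social providers".
  if (!enabledProviders.includes(provider)) {
    throw new Error(`provider not enabled for this app: ${provider}`);
  }
  if (typeof requestId !== "string" || requestId === "") {
    throw new Error("requestId is required");
  }

  // Encode both path params so "/", "?" or "#" in a value cannot alter the path.
  // Assumption: baseUrl is an origin such as https://tenant.example (no path prefix).
  const url = new URL(
    "/login-srv/social/login/" +
      encodeURIComponent(provider) + "/" + encodeURIComponent(requestId),
    baseUrl
  );

  if (returnTo !== undefined) {
    // Compare the parsed origin rather than a string prefix of the value.
    let origin;
    try {
      origin = new URL(returnTo).origin;
    } catch (e) {
      throw new Error("return_to is not an absolute URL");
    }
    if (!allowedReturnOrigins.includes(origin)) {
      throw new Error(`return_to origin not allowed: ${origin}`);
    }
    url.searchParams.set("return_to", returnTo);
  }
  return url.toString();
}

// Constructed sample values (placeholders, not real cidaas identifiers).
const sampleUrl = buildSocialLoginUrl({
  baseUrl: "https://tenant.example",
  provider: "facebook",
  requestId: "REQUEST-ID-PLACEHOLDER",
  returnTo: "http://localhost:8080",
  enabledProviders: ["facebook", "google"],
  allowedReturnOrigins: ["http://localhost:8080"],
});
```

In the click handler, assign the returned string to `window.location.href` to start the redirect to the provider.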

Validations and verifications

Once you get a success code in the response of the Social Login API, cidaas continues with token generation.

This pre-access-token generation involves several validations such as:

  • Account verification check
  • Missing fields check
  • Consent management check
  • MFA enabled check
  • Change password on first login check

Account verification check

The Social Login API will check whether your user account is verified or not.

If your account is already verified, then the Social Login API directly moves to the next verification.

If your email / mobile number is not verified, then you need to verify it before proceeding to login. You can verify your account either by link flow or by code flow.

Link flow - A verification link will be sent to the user via email. Once the user clicks on that link, the verification process starts.

Code flow - A verification link along with a verification code will be sent to the user via email. Once the user clicks on that link, they will be redirected to a page to enter the verification code. The verification process starts only if the code entered is valid.

4. Initiate Verification API

Now, you need to call the Initiate Verification API, to initiate your account verification process by email or phone-number.

Initiate Verification API :
{{baseurl}}/verification-srv/account/initiate
API METHOD : POST
Request Body:
{
  "requestId": "***********************************",
  "email": "enter_your_email_id",
  "verificationMedium": "email",
  "processingType": "CODE"
}

Note: If you want to verify with link flow then send "processingType" as "LINK".

If all the properties you sent are valid, then you'll get "Success" in the response, and the verification link and verification code (in case of code flow) will be sent to the user's email.

Success Response:

  • success: true
  • status: 200
  • data:
    • accvid: ********************************
    • email: your email address

5. User Code Verification API

Now, you need to call User Code Verification API to verify your account by validating the link/code you get in the response of Initiate Verification API to complete your verification process.

Verify user code API :
{{baseurl}}/verification-srv/account/verify
API METHOD : POST
Request Body:
{
  "accvid": "********************************",
  "code": "910176" // Enter code sent to your email/mobile
}

Success Response:

  • success: true
  • status: 200
  • data:
    • suggested_action: "LOGIN"
    • trackId: 98d73327-c992-4164-8a08-3b09f4896b40
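
The two verification calls above chained together, as an added example that is not cidaas code. All function names are hypothetical; the builders return a request description for your own HTTP client, and the response helpers stop the flow unless the response has the success shape shown above, so the accvid from step 4 is the only value carried into step 5.

```javascript
// Added example, not cidaas SDK code; all function names are hypothetical.
// Each builder returns a request description for your HTTP client to send as JSON.
function initiateVerificationRequest(baseUrl, requestId, email, processingType = "CODE") {
  if (!["CODE", "LINK"].includes(processingType)) {
    throw new Error(`unsupported processingType: ${processingType}`);
  }
  if (!requestId || !email) throw new Error("requestId and email are required");
  return {
    method: "POST",
    url: `${baseUrl}/verification-srv/account/initiate`,
    body: { requestId, email, verificationMedium: "email", processingType },
  };
}

// Extracts the accvid that the verify call needs; anything else stops the flow.
function accvidFromInitiateResponse(res) {
  if (!res || res.success !== true || !res.data || !res.data.accvid) {
    throw new Error("initiate verification did not succeed");
  }
  return res.data.accvid;
}

function verifyCodeRequest(baseUrl, accvid, code) {
  // Assumption: codes are digits only, as in the page's sample "910176".
  const trimmed = String(code).trim();
  if (!/^[0-9]+$/.test(trimmed)) throw new Error("verification code must be digits");
  if (!accvid) throw new Error("accvid from the initiate response is required");
  return {
    method: "POST",
    url: `${baseUrl}/verification-srv/account/verify`,
    body: { accvid, code: trimmed },
  };
}

// Returns what the next pre-login step needs: suggested_action and trackId.
function resultFromVerifyResponse(res) {
  if (!res || res.success !== true || !res.data || !res.data.trackId) {
    throw new Error("code verification did not succeed");
  }
  return { suggestedAction: res.data.suggested_action, trackId: res.data.trackId };
}

// Constructed response in the shape shown above, to walk the exchange offline.
const sampleAccvid = accvidFromInitiateResponse({
  success: true, status: 200,
  data: { accvid: "ACCVID-PLACEHOLDER", email: "user@example.com" },
});
const sampleVerifyRequest = verifyCodeRequest("https://tenant.example", sampleAccvid, " 910176 ");
```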

Missing fields check

cidaas requires some fields as mandatory to proceed with the login process. If values for those fields are not present in your user account and you try to log in, cidaas will show the progressive registration screen to add those mandatory fields.

If your account has all valid fields, then the Social Login API directly moves to the next verification.

6. Missing fields API

Now, you need to call the Missing fields API to proceed with progressive registration and get all mandatory fields.

Missing  fields API :
{{baseurl}}/token-srv/prelogin/metadata/:track_id
API METHOD : GET
path param : track_id

Success Response:

  • success: true
  • status: 200

7. Progressive Registration Process

If the response from the Missing fields API returns true, then cidaas will show the progressive registration screen to add those mandatory fields. To know more about the progressive registration process, refer here.

MFA enabled check

If your account is enabled for multi-factor authentication, or your app has MFA enabled by default, then the Social Login API will check for successful multi-factor authentication.

If you have no MFA configuration enabled, then the Social Login API directly moves to the next verification.

8. Check MFA API

Now, you need to call the MFA API to perform the multi-factor authentication process.

MFA process involves,

  • Get list of all MFA methods configured to your account.
  • Select an MFA method as per your wish.
  • Initiate authentication
  • Perform Authentication.

To know more about,

  • Get MFA list API, refer here

9. Authenticate MFA API

Once you get the list of configured methods, choose any of them and start the verification process using the following APIs:

  • Initiate authentication API, to know more refer here
  • Authenticate API, to know more refer here

Consent management check

If you enabled the option to show consent at the time of registration, then the Social Login API will check for the acceptance of that consent.

If no consent is enabled for you, or you have already accepted your consent, then the Social Login API directly moves to the next verification.

In case your account is enabled for some consent and you have not accepted it, then you need to accept it before proceeding to login.

10. Consent Management API

For that, you need to call the Consent Management API to show the consent screen where you can accept it.

Consent Management API :
{{baseurl}}/consent-management-srv/v2/consent/usage/public/info
API METHOD : POST
Request Body :
{
 "consent_id": "**********************",
 "consent_version_id": "**********************",
 "sub": "**********************"
}

Success Response:

  • success: true
  • status: 200
  • data:
    • consent_id: "**************************"
    • consent_version_id: "**************************"
    • content: "content of your consent"
    • consent_name: "name of your consent"
    • sub: "**************************"

11. Acceptance of consent management process

If the Consent Management API returns true, then you will be redirected to the consent screen, where you need to accept the displayed consent to proceed with login.

The user must accept the consent to proceed with login. To know more about consent management in cidaas, refer here.

Change password on first login check

Once you successfully sign up with cidaas, you will receive a system-generated password from the cidaas admin. You need to log in to your account with that password and must reset your password before the next login.

So, when you call the Social Login API, it will check whether you have reset your password or not. If you have already set a new valid password, then the Social Login API proceeds directly to the next step of token generation.

12. Change password API

If you didn't reset your password, then you need to call Change password API to reset your password.

Reset Password API :
{{baseurl}}/login-srv/precheck/continue/{{lsid}}
API METHOD : POST
Request Body :
{
  "old_password": "**********************",
  "new_password": "**********************",
  "confirm_password": "**********************",
  "loginSettingsId": "**********************"
}


Access token generation

Now, we are done with all the validations.

If all conditions are valid, then the Social Login API will generate the access_token and other attributes and then redirect to your redirect_uri, which means your login is successful.

Note: If you want to know more about the APIs we discussed, refer to the API Details section of this tutorial.

Steps to create cidaas app

In order to get the client ID and client secret, you need to create an "App" in cidaas. This section provides steps to create an "App" using the cidaas administration interface, which is available after you sign up with cidaas.

1. Navigate to cidaas Administrator dashboard -> Apps -> App Settings.

2. Click on Create New App button.

3. Enter app name and then select App type as per your requirement.

4. Under App Settings, select 'email', 'openid', 'profile' as Scopes.

5. Fill out all required information and click on Save button.

Steps to get cidaas app details

Once you have created an app in cidaas, a unique client id and client secret will be generated for your application.

To get those details, follow the steps below:

1. In the edit mode of your cidaas application, you can see the generated client id and client secret. To enter edit mode, navigate to cidaas Admin dashboard -> Apps -> App Settings -> click on the edit icon corresponding to your application.

2. You can get the client id and client secret under App Settings.

Make note of this client id and client secret.

Configure social provider for your application

In this section, you'll find steps on how to add login providers for your application.

1. Go to cidaas Admin dashboard -> Settings -> Login Providers -> Social Providers and select any provider from the menu as per your requirement.

2. Under the Configure Clients section for your selected provider, you will find a list of the applications created in your cidaas account. Select the application for which you want to enable the selected provider as a social provider.


API Details

1. RequestId Generation

https://documenter.getpostman.com/view/12989937/TVRhaUHb?version=latest#c5edf706-07fe-4b8e-9d73-add294e1c8cf

2. Load Social providers

https://documenter.getpostman.com/view/12989937/TVRhaUHb?version=latest#54bfc92d-bd47-417d-9d2d-0db4e32305cc

3. Login

https://documenter.getpostman.com/view/12989937/TVRhaUHb?version=latest#bc47f026-050f-4ab5-ad94-32b2eefce0a5

4. Account Verification

https://documenter.getpostman.com/view/12989937/TVRhaUHb?version=latest#e83162f6-e5b5-42f1-8ea9-af934e5e55fc

https://documenter.getpostman.com/view/12989937/TVRhaUHb?version=latest#22ff6656-a329-4aed-bc6b-988d10956147

5. Checks for Login

curl '{{baseurl}}/login-srv/login/handle/afterregister/{{track_id}}' --compressed

6. Missing Fields during Registration

https://documenter.getpostman.com/view/12989937/TVRhaUHb?version=latest#8ff83f69-1a5c-4628-98ff-d81be8cfac68

7. Checks for Login

curl '{{baseurl}}/login-srv/precheck/continue/{{track_id}}' --data 'trackId=aab8b099-ce12-4ecf-bf27-39eeb5c63fbd' --compressed

8. Always ask MFA

https://documenter.getpostman.com/view/12989937/TVRhaUHb?version=latest#ac602014-7bed-4ffb-b83b-7993a303561b

https://documenter.getpostman.com/view/12989937/TVRhaUHb?version=latest#0bd49b54-44a6-4068-b7e6-8a9707da08ec

https://documenter.getpostman.com/view/12989937/TVRhaUHb?version=latest#2d3ee2b7-9106-47ff-a9c0-834b0d94d47d

9. Checks for Login

curl '{{baseurl}}/login-srv/precheck/continue/{{track_id}}' --data 'status_id=eb0838a9-631c-44e0-90c7-22df274700df&sub=ead78af2-fc8d-4764-96ae-c999159d98f5&requestId=f67474d1-5116-4548-b752-6269ec1ec840&verificationType=EMAIL' --compressed

10. Consent Management

https://documenter.getpostman.com/view/12989937/TVRhaUHb?version=latest#cb045c31-88f0-4248-84f5-970d1d19530e

https://documenter.getpostman.com/view/12989937/TVRhaUHb?version=latest#f38f70d6-7937-4924-97ca-aa1da88107a6

11. Checks for Login

curl '{{baseurl}}/login-srv/precheck/continue/{{track_id}}' --data 'version=af2d071f-7ea9-4229-9db1-d0cafb950bfc&sub=3b164a51-8cd5-4787-a63e-15b4ed23dbce&client_id=4d5e6e20-9347-4255-9790-5b7196843103&name=' --compressed

12. Change password on First time login

curl '{{baseurl}}/login-srv/precheck/continue/{{lsid}}' --data 'old_password=123456&new_password=12345678&confirm_password=12345678&loginSettingsId=2f8b73be-b409-423d-b038-5637bfca0c90' --compressed


