Login

👍

Check our Reference Materials for more details about MediaStore SDKMediaStore SDK - MediaStore SDK consists of components that will empower you to build and design a seamless checkout process, help visitors become subscribers, and then allow you to manage their subscription to your service in an intuitive and trusted manner..

Customers can be logged in using offerId or publisherId:

  • offerId - use login with offerId if the customer has already chosen an offer
  • publisherId - use publisherId if you want to enable choosing an offer after login.

Call /auths method to log in the customer.

In response, you will get JWTJWT - JWT (JSON Web Token) - open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. In Cleeng, JWT payload contains: customerId, publisherId, expiration date. JWT is valid for 15 minutes and after that time a refresh token mechanism can be used. (authorization token), a refresh token and customerTokencustomerToken - customerToken is used for customer authentication by most of the Cleeng API. Can be used e.g. to verify access (getAccessStatus method) (you may need customerToken to use other Cleeng APIs).

After logging, you should check consents to make sure that the customer has accepted the latest version. To do so use Fetch customer's consents.

Cleeng saves a customer's last login date in the background. You can review this date in Customer Accounts page or by fetching customer data. It will be set up after registration and updated after each login.

Login flowchartLogin flowchart

Login flowchart

Single Sign-on (SSO)

Single Sign-on (SSO) is aimed at broadcasters who use MediaStore SDK-based solution (checkout, my account) with an external identity management system as the primary identity provider.

📘

Good to know

SSO is a universal solution that can be used with any identity provider (Gigya, Okta, LoginRadius, or other internally developed systems), but middleware is required.

To omit middleware and integrate with a specific identity provider, it is possible to build a connector.

SSO simplifies a customer journey by allowing your customers to access MediaStore SDK features with a single identification even if they are authenticated with a third-party identity provider.

To achieve this, a broadcaster can generate a JWTJWT - JWT (JSON Web Token) - open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. In Cleeng, JWT payload contains: customerId, publisherId, expiration date. JWT is valid for 15 minutes and after that time a refresh token mechanism can be used. on behalf of a customer without a need to pass credentials.

The SSO login process:

  1. A customer logs in using a third-party identity provider (e.g. Gigya, Okta, etc.).

  2. Once a customer is authenticated, middleware service makes an API call on behalf of the customer to /sso/auths endpoint. The endpoint makes it possible to generate JWTJWT - JWT (JSON Web Token) - open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. In Cleeng, JWT payload contains: customerId, publisherId, expiration date. JWT is valid for 15 minutes and after that time a refresh token mechanism can be used. without providing the customer password but with publisherToken instead.

    Please note that this is an exception because, unlike other MediaStore SDK endpoints, this one requires publisherToken for authorization.

  3. Both the JWT access token and a refresh token are generated and returned to the middleware.

  4. JWT access token is used for API calls and subsequent auto-logins to MediaStore SDK.

See the example flow below.

Example Login Sequence DiagramExample Login Sequence Diagram

Example Login Sequence Diagram

Up Next

Now that you've enabled customers to log in, let's provide for the situation when they forget their password.


Did this page help you?