Description
Once social login has been activated, you can log a user in with credentials that already exist at another provider (e.g. Meta, X, Google, etc.); the corresponding DruID user is created in the background.
Please first read the DruID Oauth Documentation to learn about the OAuth2 protocol and the meaning of each token.
Take into account that if terms and conditions are attached to the entry point through which the user is trying to log in, this method returns a 451 and you must then call the Accept Terms and Condition Social endpoint.
You must provide a real external identifier together with its real external provider. In addition, you must provide a context containing the token, and its expiry date, that you obtained by logging the user into the external provider, as well as the email address associated with the social network. There are two possible outcomes:
- If the configuration makes the terms and conditions mandatory, a user is created with that email address, confirmed or not depending on the social network.
- If the terms and conditions are not mandatory, a user is created without an email address and therefore without confirmation.
Endpoint URL:
POST https://{your-endpoint-domain.com}/activityid/v1/user/access
Request parameters
Parameter | Description | Type | Required |
---|---|---|---|
Authorization | “Bearer app_token”: the literal text Bearer followed by the app_token obtained from the /oauth2/token endpoint | string | yes |
Content-Type | Content type used for requests; must be JSON | string | yes |
Accept | Content type used for responses; must be JSON | string | yes |
From | Name of the entry point | string | yes |
Accept-Language | Language for this request | Locale | no |
Query string parameters
Parameter | Description | Type | Required | Default value |
---|---|---|---|---|
sc | With this parameter you configure how user fields are validated: by default ALL validation errors are returned to the service caller. If you want to receive only ONE validation error each time, send the query string parameter ‘sc=true’ | boolean | no | false |
Request example
Parameter | Description | Type | Required | Value |
---|---|---|---|---|
actor.id | app_id of the application you are using to log the user in | string | yes | app id |
actor.objectType | Type of the object which represents the actor | string | yes | ‘application’ |
verb | Verb used for the login | string | yes | ‘access’ |
object.objectType | ObjectType representing the user | string | yes | ‘user’ |
object.password | Password of the user. It must be sent in plain text | string | yes | user password |
object.ids.{{external_provider_id}} | Name of the external identifier of the social network through which the login was made. Allowed values are: facebook_id, twitter_id, google_plus_id, linkedin_id, .windows_live_id, .instagram, wechat_id, external_id, apple_id, avet_id | struct | yes | ‘google_plus_id’ |
object.ids.email.objectType | ObjectType representing the id of the user | string | yes | ‘user_id’ |
object.ids.{{external_provider_id}}.value | Value of the external identifier retrieved from the identity provider used for the social login | string | yes | external identifier value |
context.access_token.value | Value of the token obtained from the identity provider through which the login was made | string | yes | token value |
context.access_token.expires_at | Expiration date of the token obtained from the identity provider through which the login was made | number | yes | timestamp (ms) |
context.profile.email | Email address associated with the identity provider through which the login was made | string | no | |
source.id | Type of device performing the activity | string | yes | ‘unknown’, ‘pc’, ‘mobile’, ‘tablet’, ‘game_console’ or ‘itv’ |
source.objectType | Type of source | string | yes | ‘device’ |
Response examples
Response: social user logged
Parameter | Description | Type |
---|---|---|
content | Data received with the response | struct |
content.user | Data of the user logged with the request. More info about user struct at User Info | struct |
content.session_info | session info structure | struct |
content.session_info.access_token | access token value | string |
content.session_info.token_type | token type | ‘bearer’ |
content.session_info.expires_in | the remaining lifetime in seconds of the access token | long |
content.session_info.expires_at | Epoch time in milliseconds when the token will expire. If you use Unix tools to convert the time you must discard the last 3 digits | long |
content.session_info.refresh_token | Refresh token value. You must use it if you are following the “oauth2 refresh token flow”; you can ignore it in all other cases | string |
content.session_info.login_status | oauth2 server login status of logged user | struct |
content.session_info.login_status.uid | DRUID of the logged user. It has the same value as content.user.id | long |
content.session_info.login_status.connect_state | oauth2 server connect state | ‘connected’, ‘notConnected’ or ‘unknown’ |
content.session_info.scope | scope for which the token was created | string |
result.status | http status code | integer |
Response: social user login success, but need to accept Terms & Conditions
Parameter | Description | Type |
---|---|---|
content | Data received with the response | struct |
content.url | The URL of the request | string |
content.assertions | Assertions info structure | struct |
content.assertions.objectType | Type of the object | string |
content.assertions.items | Collection of the assertions that the user needs to accept in order to log in | struct |
content.assertions.items.objectType | Type of the object | string |
content.assertions.items.displayName | The content of the assertion. | string |
content.assertions.items.type | Type of assertion. | string |
content.assertions.items.typology | Type of typology | string |
content.assertions.items.mandatory | Whether the assertion is mandatory | bool |
content.assertions.totalItems | Size of the items’ collection | integer |
result.status | http status code | integer |
result.elapsed | Time taken to receive the response | integer |
result.errors | Response errors | struct |
result.errors.message | Description of the error | string |
Response codes
Code | Type | Description |
---|---|---|
400 | Error | Bad Request: The request could not be understood by the server due to malformed syntax |
401 | Error | Unauthorized: authentication is required and has failed or has not yet been provided (token is invalid, etc) |
403 | Error | Forbidden: user id or password is invalid |
412 | Error | Precondition Failed: the user cannot log in because their email has not been confirmed |
426 | unlinked | User not found, but the email exists in DruID. Redirect the user to link the account |
451 | Error | Unavailable For Legal Reasons: user must accept new terms and conditions |
500 | Error | Internal Server Error: The server encountered an unexpected condition which prevented it from fulfilling the request |
504 | Error | Gateway Timeout: the service cannot contact the OAuth server to perform some internal operations |
200 | Success | User logged in successfully. You will get the ‘user logged JSON response’ |
207 | Success | Multi-Status: user logged in successfully, but needs to accept Terms & Conditions |
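As an added example (not DruID's own client code), the following Python helper builds the request body and headers from the tables above and maps the documented response codes to the caller's next step. The nesting of object.ids.{{external_provider_id}} as an object with objectType and value is an assumption taken from the table layout, and all sample values are constructed.

```python
# Added example, not DruID's own client code. Builds the social-login request
# described in the tables above and maps the documented response codes to the
# next step. The object.ids layout and all sample values are assumptions.
import time

def build_headers(app_token, entry_point, language=None):
    """Headers from the 'Request parameters' table."""
    headers = {"Authorization": "Bearer " + app_token, "From": entry_point,
               "Content-Type": "application/json", "Accept": "application/json"}
    if language:
        headers["Accept-Language"] = language
    return headers

def build_access_request(app_id, provider_id, external_id, idp_token,
                         idp_expires_at_ms, email=None, password="", device="unknown"):
    """JSON body for POST /activityid/v1/user/access (object.ids nesting assumed)."""
    # Do not forward an identity-provider token that is already expired.
    if idp_expires_at_ms <= int(time.time() * 1000):
        raise ValueError("identity-provider token already expired; not sending it")
    body = {
        "actor": {"id": app_id, "objectType": "application"},
        "verb": "access",
        "object": {"objectType": "user",
                   "password": password,  # sent in plain text, so TLS only
                   "ids": {provider_id: {"objectType": "user_id", "value": external_id}}},
        "context": {"access_token": {"value": idp_token, "expires_at": idp_expires_at_ms}},
        "source": {"id": device, "objectType": "device"},
    }
    if email:
        body["context"]["profile"] = {"email": email}
    return body

def classify_response(status, payload):
    """Map the documented status codes to (next_step, detail)."""
    if status == 200:
        return "logged_in", payload["content"]["session_info"]["access_token"]
    if status == 207:  # logged in, but mandatory assertions are still pending
        items = payload["content"]["assertions"]["items"]
        return "accept_terms", [a["displayName"] for a in items if a.get("mandatory")]
    if status == 451:  # call the Accept Terms and Condition Social endpoint next
        return "accept_terms", []
    if status == 426:  # email already known to DruID: redirect to link account
        return "link_account", None
    # 400/401/403/412/500/504: surface result.errors when the body carries it
    return "error", payload.get("result", {}).get("errors", status)
```

Append `?sc=true` to the endpoint URL when you want a single validation error per call instead of the full list.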