The Auth Providers resource is split into two parts:
This document covers the Core API functionality: authentication via external auth providers, such as social login. For the Extended API, see Auth Providers. For authentication via password, see Users.
Field | Value | Req/Default | Notes |
---|---|---|---|
id |
id | Auto-generated | Provider’s ID. Always starts with “ap_”. Example: |
provider_type |
string | ||
realm_id |
realm_id | ID of Realm this Provider belongs to. | |
request |
hash | Hash of request attributes to add to Event. See notes. |
Method | Permissions |
---|---|
List URLs, Get URL | read |
Authenticate, Authenticate Token | write |
List authorization URLs for all active social and third-party auth providers in the current realm.
Use the returned URLs to build links or buttons when building your own login page. Returned URLs are valid for 30 minutes.
Not needed when using hosted logins.
Param | Value | Default | |
---|---|---|---|
redirect_uri |
url | URL in your app that will receive the incoming OAuth token (and send it back to AuthRocket). | |
nonce |
string | Optional, but encouraged. A random string stored in the user's session in your app. Basically a CRSF check. |
GET /v1/auth_providers/authorize?redirect_uri=https%3A%2F%2Fmyapp.com%2Foauth
$res = $client->authProviders()->authorizeUrls([
"redirect_uri" => "https://myapp.com/oauth"
]);
AuthRocket::AuthProvider.authorize_urls(redirect_uri: 'https://myapp.com/oauth',
realm_id: 'rl_0v76O8itSEiwfhA64ZFvKj')
Status: 200
{ "more_results" : false,
"collection" : [
{ "id" : "ap_0v9XwmNDu1eHFAnDgYxHgb",
"provider_type" : "facebook",
"url" : "https://www.facebook.com/v...clFSZz09"
}
]
}
var_dump($res->results);
array(1) {
[0]=>
array(3) {
["id"]=> string(25) "ap_0v9XwmNDu1eHFAnDgYxHgb"
["provider_type"]=> string(8) "facebook"
["url"]=> string(391) "https://www.facebook.com/v...clFSZz09"
}
}
[#<AuthRocket::GenericObject:0x3fc21aab662c>
id: "ap_0v9XwmNDu1eHFAnDgYxHgb",
attribs: {
"provider_type"=>"facebook",
"url"=>"https://www.facebook.com/v...clFSZz09"
},
metadata: {
"more_results"=>false
}
]
Retrieve the authorization URL for one active social or third-party auth provider in the current realm.
Use the returned URL to build a link or button when building your own login page. Returned URL is valid for 30 minutes.
Not needed when using hosted logins.
Param | Value | Default | |
---|---|---|---|
redirect_uri |
url | URL in your app that will receive the incoming OAuth token (and send it back to AuthRocket). | |
nonce |
string | Optional, but encouraged. A random string stored in the user's session in your app. Basically a CRSF check. |
GET /v1/auth_providers/:provider_id/authorize?redirect_uri=https%3A%2F%2Fmyapp.com%2Foauth
GET /v1/auth_providers/:provider_type/authorize?redirect_uri=https%3A%2F%2Fmyapp.com%2Foauth
$res = $client->authProviders()->authorizeUrl('ap_0v9XwmNDu1eHFAnDgYxHgb', [
"redirect_uri" => "https://myapp.com/oauth"
]);
$res = $client->authProviders()->authorizeUrl('facebook', [
"redirect_uri" => "https://myapp.com/oauth"
]);
AuthRocket::AuthProvider.authorize_url('ap_0v9XwmNDu1eHFAnDgYxHgb',
redirect_uri: 'https://myapp.com/oauth')
AuthRocket::AuthProvider.authorize_url('facebook', redirect_uri: 'https://myapp.com/oauth',
realm_id: 'rl_0v76O8itSEiwfhA64ZFvKj')
ap=AuthRocket::AuthProvider.find 'ap_0v9XwmNDu1eHFAnDgYxHgb'
ap.authorize_url redirect_uri: 'https://myapp.com/oauth'
Status: 200
{ "id" : "ap_0v9XwmNDu1eHFAnDgYxHgb",
"provider_type" : "facebook",
"url" : "https://www.facebook.com/v...clFSZz09"
}
var_dump($res->fields);
array(3) {
["id"]=> string(25) "ap_0v9XwmNDu1eHFAnDgYxHgb"
["provider_type"]=> string(8) "facebook"
["url"]=> string(391) "https://www.facebook.com/v...clFSZz09"
}
"https://www.facebook.com/v...clFSZz09"
Accepts a provider’s token (authorization code), verifies it, and completes a login for the user.
Does for social and third-party authentication what Authenticate a User does for password logins, including creating login events and sessions.
Will auto-associate a social or third-party profile with an existing user, based on email address. If one is not found, will auto-create a new User. Auto-creating users happens regardless of values for signup
and signup_mode
on the LoginRocket Auth Provider.
Existing users must be humans and active
.
If you are starting with an access token (instead of an authorization code), most likely from an iOS or Android SDK, use Authenticate using an access token instead.
Param | Value | Default | |
---|---|---|---|
code |
string |
|
|
error |
string | If the external provider sends you |
|
nonce |
string | If provided to /authorize above, must send the same value here. You do not need to verify them; we will do it. | |
state |
string |
|
POST /v1/auth_providers/authorize
{ "code" : "ACQ51...KnJAS",
"state" : "ZWhCF...J3dmc",
"request" : {
"ip" : "127.0.0.1",
"client" : "user's User-Agent header"
}
}
$res = $client->authProviders()->authorize([
"code" => "ACQ51...KnJAS",
"state" => "ZWhCF...J3dmc"
]);
user=AuthRocket::AuthProvider.authorize(code: params['code'],
error: params['error'], state: params['state'])
Status: 200 with same body as Authenticate a User.
Status: 422 if there was an error. When possible, includes a retry URL with the error:
{ ... ,
"retry_url" : "4JagCZeSCVH...ae2kd9ZOaWo"
}
The retry URL is the same as from Get an Authorization URL above, with the addition of anything required by the provider to indicate this is a retry.
On success, returns a user object with token, same as Authenticate a User.
On failure, returns an object with errors:
$res->hasErrors();
// => true
var_dump($res->errors);
array(1) {
[0]=> string(16) "State is invalid"
}
Will also add a retry URL, which is the same as from Get an Authorization URL above, with the addition of anything required by the provider to indicate this is a retry.
$res->metadata["retry_url"];
// => "https://www.facebook.com/v...clFSZz09"
On success, returns a user object with token, same as Authenticate a User.
On failure, returns an object without an id, but with errors:
# => #<AuthRocket::User:0x3fde5fa18df8> id: nil, ...
user.errors?
# => true
user.valid?
# => false
user.errors
# => ["State is invalid"]
Will also add a retry URL, which is the same as from Get an Authorization URL above, with the addition of anything required by the provider to indicate this is a retry.
user.metadata[:retry_url]
# => "https://www.facebook.com/v...clFSZz09"
On success, triggers a user.login.succeeded
event.
If a new Credential was added to an existing user (it was their first login with this provider), triggers a user.updated
event.
If a new user was created, triggers a user.created
event.
Accepts a provider’s access token (already converted from an auth code) and completes a login for the user.
This is used when implementing authorization in native apps (typically iOS or Android), with a social vendor’s SDK that automatically converts authorization codes into access tokens for you. If you are starting with an authorization code, use Authenticate using a provider’s token instead.
Performs authentications, auto-association with users, and creates events like Authenticate using a provider’s token above.
If the token is expired or otherwise unusable, does not return a retry_url
(in contrast to Authenticate using a provider’s token).
Param | Value | Default | |
---|---|---|---|
access_token |
string | Valid access_token for the external provider. Required. |
POST /v1/auth_providers/:id/authorize
{ "access_token" : "JD7fD...jd8Nb2",
"request" : {
"ip" : "127.0.0.1",
"client" : "user's User-Agent header"
}
}
$res = $client->authProviders()->authorizeToken('ap_0v9XwmNDu1eHFAnDgYxHgb', [
"access_token" => "JD7fD...jd8Nb2"
]);
provider=AuthRocket::AuthProvider.find 'ap_0v9XwmNDu1eHFAnDgYxHgb'
user=provider.authorize_token(access_token: params['access_token'])
Status: 200 with same body as Authenticate a User.
Status: 422 if there was an error.
On success, returns a user object with token, same as Authenticate a User.
On failure, returns an object with errors:
$res->hasErrors();
// => true
var_dump($res->errors);
array(1) {
[0]=> string(23) "Access token is invalid"
}
On success, returns a user object with token, same as Authenticate a User.
On failure, returns an object without an id, but with errors:
# => #<AuthRocket::User:0x3fde5fa18df8> id: nil, ...
user.errors?
# => true
user.valid?
# => false
user.errors
# => ["Access token is invalid"]
On success, triggers a user.login.succeeded
event.
If a new Credential was added to an existing user (it was their first login with this provider), triggers a user.updated
event.
If a new user was created, triggers a user.created
event.
Questions? Find a Typo? Get in touch.