How to send a Social User Access Token captured from your existing Social Login flow to your Socital Account

 

If you have already implemented Social Login on your website, every time a user authenticates through this Social Login flow you are obtaining a unique User Access Token from the Social Network.

 

In order to record this authentication and user in your Account at Socital you need to send this User Access Token to your Socital Account.

 

First, you need to connect to your Socital Account the same Social Apps you are using for the Social Login on your site.

 

 

Note: For Facebook, you need to send the long-lived access token to Socital. For more information on how to obtain a long-lived access token, refer to the Facebook Developers' Documentation.

 

[Figure: access token flow]


There are two steps in the process of integrating your existing social login flow with Socital:

  1. Retrieve an authentication token to use when calling Socital's API. This should be done only once; afterwards you can reuse the same authentication token.
  2. Perform the social user authentication API call, each time a social user logs in through your site.

Below you can find detailed instructions for each step.

1. Authenticate and get API token:

Socital uses JSON Web Tokens in order to authenticate and authorize API calls. To get an authentication token, perform a POST request to https://api.socital.com/api/v1/rpc/auth/authenticate with your Socital account credentials specified as follows, inside the request's body:

 
{
    "email": "...",
    "password": "..."
}

If the credentials are correct, you will get a reply in the following format:

 
{
  "token": "..."
}

The exact value of the token should be included in the 'Authorization' header of each subsequent API request, prepended with the Bearer string, as follows:

Authorization: Bearer <token>

2. Social user authentication API call

Perform a POST request to https://api.socital.com/api/v1/rpc/auth/socialUserLogin with body:

 
{
    "ip": "...",
    "envData": {
        "currentURL": "http://...",
        "languages": [
            "en-US",
            "en",
            "el"
        ],
        "browserPlatform": "MacIntel",
        "browserVersion": "5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36",
        "browserName": "Netscape",
        "timeOffset": -120,
        "referrerURL": "http://..."
    },
    "loginData": {
        "provider": "...",
        "accessToken": "...",
        "applicationID": "..."
    }
}
  • The ip can be either an IPv4 or an IPv6 address. This field is mandatory.
  • The loginData.provider field should always be one of the following: facebook / twitter / linkedin / google. This field is mandatory.
  • The loginData.accessToken field should be the access token that the provider's OAuth process returns. This field is mandatory.
  • The loginData.applicationID field should be the ID of your activated application inside Socital's control panel. The social users will be registered via this application. You can find your application ID in your "account settings -> Connect social apps" panel. This field is mandatory.
  • The envData field contains information that should be gathered from the browser. As an example, here is a JavaScript snippet which extracts this information:
 
// Collect the browser environment fields that go into envData.
var envData = (function () {
    var result = {
        browserName: navigator.appName,
        browserVersion: navigator.appVersion,
        browserPlatform: navigator.platform,
        referrerURL: document.referrer,
        currentURL: window.location.href,
        // Minutes between UTC and local time, as returned by the browser.
        timeOffset: new Date().getTimezoneOffset()
    }
    // Prefer the full language list; fall back to the single-language properties.
    if (navigator.languages) {
        result.languages = navigator.languages
    } else {
        if (navigator.language) {
            result.languages = [navigator.language]
        } else if (navigator.userLanguage) {
            result.languages = [navigator.userLanguage]
        }
    }
    return result
})()

After performing the call, our server should reply with a JSON message, as follows:

 
{
  "success": true,
  "socialUserID": "..."
}

The socialUserID is returned in case you need it, and corresponds to the app-specific social user ID that the social login provider gives. You can keep it in order to refer to this specific user in the future, if you want to get their complete profile from our database.
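
The step 2 call made from your own server, as an added example that is not Socital's code: it checks the mandatory fields listed above before sending, and masks both the Socital API token and the provider access token in anything written to logs. The function names, the Content-Type header and the use of Node.js 18+ fetch are assumptions.

```javascript
// Added example (not Socital's code). Intended to run server-side on Node.js 18+.
const SOCIAL_LOGIN_URL = 'https://api.socital.com/api/v1/rpc/auth/socialUserLogin';
const PROVIDERS = ['facebook', 'twitter', 'linkedin', 'google'];

// True for a dotted-quad IPv4 or an IPv6 literal (IPv6 is checked by the URL parser).
function isIpAddress(ip) {
  if (typeof ip !== 'string') return false;
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(ip)) {
    return ip.split('.').every((octet) => Number(octet) <= 255);
  }
  if (!/^[0-9a-fA-F:.]+$/.test(ip) || !ip.includes(':')) return false;
  try { new URL(`http://[${ip}]/`); return true; } catch { return false; }
}

// Validate the mandatory fields and build the fetch() arguments.
// apiToken is the JWT from step 1; keep it on the server, never in page scripts.
function buildSocialUserLogin(apiToken, { ip, envData, loginData }) {
  if (!apiToken) throw new Error('missing Socital API token');
  if (!isIpAddress(ip)) throw new Error('ip must be an IPv4 or IPv6 address');
  const { provider, accessToken, applicationID } = loginData || {};
  if (!PROVIDERS.includes(provider)) throw new Error('unsupported provider');
  if (!accessToken || !applicationID) throw new Error('accessToken and applicationID are mandatory');
  return {
    url: SOCIAL_LOGIN_URL,
    options: {
      method: 'POST',
      // Content-Type is an assumption; the page only specifies the Authorization header.
      headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${apiToken}` },
      body: JSON.stringify({ ip, envData, loginData: { provider, accessToken, applicationID } }),
    },
  };
}

// Copy of the request that is safe to log: both tokens are masked.
function redactForLog({ url, options }) {
  const body = JSON.parse(options.body);
  body.loginData.accessToken = '[redacted]';
  return { url, headers: { ...options.headers, Authorization: 'Bearer [redacted]' }, body };
}

// Send the call; resolves to the parsed JSON reply ({ success, socialUserID }).
async function sendSocialUserLogin(apiToken, login) {
  const { url, options } = buildSocialUserLogin(apiToken, login);
  const res = await fetch(url, options);
  if (!res.ok) throw new Error(`socialUserLogin failed: HTTP ${res.status}`);
  return res.json();
}
```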