The single sign-on API lets you safely and reliably determine whether a user arriving from your take-off page website has logged in. It is typically used to connect your website to your own back-end system. The implementation steps are as follows:

1. Enable the API and this feature in the admin back end of the mall


Note: The API is only supported in Lightspeed Edition and above; it is not supported in the ordinary space editions. If you use an ordinary space edition, you will not see this interface. You can, however, see it in the free version.

2. Decide how your back-end system should handle tokens and choose an address

Assuming your back-end system is at console.example.com, the address that handles requests from the website would be: http://console.example.com/login_from_website?token=your_token. You can then add this URL as the link of a button or menu item, replacing the token value with the placeholder "--auth_token--". As shown below:

[Screenshots: button, menu, user menu]

On the page, the take-off page system automatically replaces --auth_token-- with a UUID that uniquely corresponds to this user's login.

For example: http://console.example.com/login_from_website?token=59c1041edfdb6

When the user clicks this link, they are sent to your system along with this unique identifier. Next, you only need to verify that the identifier was generated by the take-off page.

IMPORTANT: The "--auth_token--" placeholder is currently only available in menus, user menus and buttons.

3. Verify through the API that the passed token is valid, and obtain the user's basic information

Suppose your take-off page website address is http://www.example.com/, API_KEY is 123456, and the token passed by the user is aaabbbccc. Then your authentication API address is:
http://www.example.com/FeiEditor/api_v1/auth?token=aaabbbccc&API_KEY=123456

You can also pass the two parameters, token and API_KEY, using the POST method.

The possible responses from the system are:

Authentication succeeded:
{
    "result": true,
    "user": {
        "ID": "1234",
        "user_email": "example@email.com",
        "display_name": "A User",
        "user_login": "demo-user",
        "roles":{"1":"administrator","2":"subscriber"},
        "user_registered": "2014-02-17 02:54:31"
    }
}


Key point: When verification succeeds, the response includes not only the result but also important information such as the user's ID and roles. You can use this information to determine the user's identity and permissions.

Verification failed:
{
    "result": false,
    "reason": "fail reason"
}
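
The back-end side of steps 2 and 3, as an added example (not code from the take-off page project): it sends token and API_KEY by POST to the authentication address and treats anything other than "result": true as not logged in. The function names, the token character check and the injectable `post` parameter are assumptions; the URL, key and JSON fields are the sample values from this page.

```python
import json
import re
import urllib.parse
import urllib.request

# Sample values from this page; replace with your own site address and key.
AUTH_URL = "http://www.example.com/FeiEditor/api_v1/auth"
API_KEY = "123456"
# Assumption: tokens are short strings of letters, digits and hyphens.
TOKEN_RE = re.compile(r"[A-Za-z0-9-]{1,128}")


def http_post(url, fields, timeout=5):
    """POST the fields so token and API_KEY stay out of URL and proxy logs."""
    data = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(url, data=data, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def parse_auth_response(body):
    """Return the user dict on success, None on any other reply (fail closed)."""
    try:
        reply = json.loads(body)
    except ValueError:
        return None
    # Require the JSON boolean true, not a truthy string such as "true".
    if not isinstance(reply, dict) or reply.get("result") is not True:
        return None
    user = reply.get("user")
    if not isinstance(user, dict) or not user.get("ID"):
        return None
    return user


def login_from_website(token, post=http_post):
    """Logic for /login_from_website?token=...; returns (ID, roles) or None.

    `post` is injectable (hypothetical parameter) so this can be run offline.
    """
    if not token or not TOKEN_RE.fullmatch(token):
        return None  # never forward malformed input to the API
    try:
        body = post(AUTH_URL, {"token": token, "API_KEY": API_KEY})
    except (OSError, ValueError):
        return None  # network or decoding error: treat as not logged in
    user = parse_auth_response(body)
    if user is None:
        return None
    roles = user.get("roles")
    names = sorted(str(r) for r in roles.values()) if isinstance(roles, dict) else []
    return user["ID"], names
```

Create your own session only when this returns a user, and take the ID and roles from the API reply rather than from anything in the incoming request.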

4. Frequently Asked Questions

How long is the token valid for?

The token is valid for 10 minutes. After ten minutes, the user must manually refresh the page, and the system will generate a new token.