Logging In Users
Prerequisites
- Completion of registering users guide (you have a user that has created an account)
Implementation
The steps to log a user in to your storefront are very similar to registering users, except that the user signs in with existing credentials.
Generating Proof Key for Code Exchange
To begin the authorization flow, you'll need to create a PKCE code challenge. You can use a library of your choice in the language you are developing in, or create your own. Here is some pseudocode to assist with creating your own.
code_verifier = base64urlEncode(randomBytes(32)) // 32 random octets encode to 43 characters; the verifier must be between 43 and 128 characters long
code_challenge = base64urlEncode(SHA256(ASCII(code_verifier))) // base64url without padding
We will then use the code_challenge in the first step to start the authentication flow.
Requesting for Authorization
Assuming you have a login / register button on your storefront: when a user clicks that button, you'll construct a link and redirect the user's browser to it.
Start with your base fabric Identity endpoint /oauth/{authServer}/v1/authorize
and append the following as query parameters
{
"client_id": {your_client_id},
"response_type": "code",
"scope": "openid",
"redirect_uri": {your_oauth_callback_route},
"state": {random_uuid},
"code_challenge_method": "S256",
"code_challenge": {code_challenge_from_previous_step}
}
Once the link is constructed, redirect the user's browser to it. The user will then land on your fabric Identity login and registration page.

The user now signs in using the credentials they have set up.
Requesting access_token from authorization code
After a successful sign-in, the user's browser is redirected back to your application with the standard OAuth query parameters set in the URL.
You need to extract the query parameters from the callback URI.
{
"code": {the_code_to_be_used_in_next_step}
}
Make a POST request (application/x-www-form-urlencoded) to /oauth/{authServer}/v1/token with the following parameters
{
"client_id": {your_client_id},
"code": {code_extracted_from_query_params},
"grant_type": "authorization_code",
"redirect_uri": {your_oauth_callback_route},
"code_verifier": {code_verifier_from_first_step}
}
You'll receive a response that contains the following
{
"token_type": "Bearer",
"expires_in": 3600,
"access_token": "{access_token}",
"scope": "openid",
"id_token": "{open_id_token}"
}
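The three steps above (generating the PKCE pair, building the authorize link, and validating the callback before exchanging the code) as one worked example in Python. This is an added illustration, not fabric's own SDK code; the base URL, auth server name, client_id and redirect URI are placeholders you replace with your tenant's values, and the in-memory `session` dict stands in for whatever server-side session store your storefront uses. It also adds the state check that the standard OAuth callback requires: the verifier and state are kept server-side, and a callback whose state does not match is rejected before any code is exchanged.

```python
import base64
import hashlib
import hmac
import secrets
import urllib.parse
import uuid

# Placeholders (assumptions, not values from the page): fill in with your tenant's values.
IDENTITY_BASE_URL = "https://identity.example.com"
AUTH_SERVER = "default"
CLIENT_ID = "your_client_id"
REDIRECT_URI = "https://storefront.example.com/oauth/callback"


def base64url(data: bytes) -> str:
    """base64url without '=' padding, as PKCE requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def challenge_for(code_verifier: str) -> str:
    """S256 transform: base64urlEncode(SHA256(ASCII(code_verifier)))."""
    return base64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def generate_pkce_pair():
    """Return (code_verifier, code_challenge).

    32 random octets encode to 43 base64url characters, the RFC 7636 minimum
    (maximum is 128), so the verifier is a valid unreserved-character string.
    """
    code_verifier = base64url(secrets.token_bytes(32))
    return code_verifier, challenge_for(code_verifier)


def build_authorize_url(code_challenge: str, state: str) -> str:
    """Step 1: the link the user's browser is redirected to."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": "openid",
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "code_challenge_method": "S256",
        "code_challenge": code_challenge,
    }
    return f"{IDENTITY_BASE_URL}/oauth/{AUTH_SERVER}/v1/authorize?{urllib.parse.urlencode(params)}"


def start_login(session: dict) -> str:
    """Create the PKCE pair and state, keep them server-side, return the redirect URL."""
    code_verifier, code_challenge = generate_pkce_pair()
    state = str(uuid.uuid4())
    session["pkce_verifier"] = code_verifier  # never sent to the browser
    session["oauth_state"] = state
    return build_authorize_url(code_challenge, state)


def parse_callback(callback_url: str, session: dict) -> str:
    """Step 2: validate the callback and return the authorization code."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(callback_url).query)
    expected_state = session.pop("oauth_state", None)  # single use
    returned_state = query.get("state", [""])[0]
    if expected_state is None or not hmac.compare_digest(
        returned_state.encode("utf-8"), expected_state.encode("utf-8")
    ):
        raise ValueError("state mismatch: reject the callback (possible CSRF or replay)")
    if "error" in query:
        raise ValueError(f"authorization server returned error: {query['error'][0]}")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback is missing the authorization code")
    return code


def build_token_request(code: str, session: dict):
    """Step 3: URL, headers and form-encoded body for the token endpoint.

    Returned as data so you can send it with whatever HTTP client you use.
    """
    code_verifier = session.pop("pkce_verifier")  # single use
    body = urllib.parse.urlencode({
        "client_id": CLIENT_ID,
        "code": code,
        "grant_type": "authorization_code",
        "redirect_uri": REDIRECT_URI,  # must equal the redirect_uri sent to /authorize
        "code_verifier": code_verifier,
    }).encode("ascii")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return f"{IDENTITY_BASE_URL}/oauth/{AUTH_SERVER}/v1/token", headers, body


if __name__ == "__main__":
    session = {}
    print(start_login(session))
    # Constructed callback URL, standing in for the redirect the browser would receive.
    callback = f"{REDIRECT_URI}?code=constructed_code&state={session['oauth_state']}"
    code = parse_callback(callback, session)
    url, headers, body = build_token_request(code, session)
    print(url, headers, body.decode())
```

The verifier and state are popped from the session as they are consumed, so a replayed callback or a second token exchange with the same session fails closed rather than silently reusing them. The `challenge_for` helper matches the S256 test vector in RFC 7636 Appendix B, which is a quick way to confirm a hand-rolled implementation before wiring it to the real endpoint.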
Fetching the user's customer profile
Once you have obtained an access token for the user, you can fetch their customer profiles by making a request to
GET http://{domain}/v1/user-party/user/{userId}
This will return a list of the customer profiles associated with the logged-in user. See the next guide on creating customer profiles here.