Logging In Users

Prerequisites

  1. Completion of registering users guide (you have a user that has created an account)

Implementation

The steps to log a user in to your storefront are very similar to registering users, except that the user signs in with existing credentials.

Generating Proof Key for Code Exchange

To begin the authorization flow, you'll need to create a PKCE code challenge. This can be achieved via a library of your choice in the language you are developing in, or you can create your own. Here is some pseudo code to assist with creating your own.

code_verifier = base64urlEncode(randomBytes(32)) // 32 random bytes encode to 43 characters; the verifier must be between 43 and 128 characters
code_challenge = base64urlEncode(SHA256(ASCII(code_verifier))) // base64url without padding

We will then use the code_challenge in the first step to start the authentication flow. Keep the code_verifier; it is sent later when exchanging the authorization code for tokens.

Requesting for Authorization

Assuming you have a login / register button on your storefront: when a user clicks that button, you'll construct a link and redirect the user's browser to it.

Start with your base fabric Identity endpoint /oauth/{authServer}/v1/authorize

and add the following parameters as query parameters

{
    "client_id": {your_client_id},
    "response_type": "code",
    "scope": "openid",
    "redirect_uri": {your_oauth_callback_route},
    "state": {random_uuid},
    "code_challenge_method": "S256",
    "code_challenge": {code_challenge_from_previous_step}
}

Once the link is constructed, redirect the user's browser to it. The user will then land on your fabric Identity login and registration page.

sign in screen

The user will now sign in using the credentials they set up.

Requesting access_token from authorization code

After a successful sign in, the user's browser will be redirected back to your application with the standard OAuth query parameters set in the URL.

You need to extract the query parameters from the callback URI.

{
    "code": {the_code_to_be_used_in_next_step}
}

Make a POST request (application/x-www-form-urlencoded) to /oauth/{authServer}/v1/token with the following parameters.

{
    "client_id": {your_client_id},
    "code": {code_extracted_from_query_params},
    "grant_type": "authorization_code",
    "redirect_uri": {your_oauth_callback_route},
    "code_verifier": {code_verifier_from_first_step}
}

You'll receive a response that contains the following

{
  "token_type": "Bearer",
  "expires_in": 3600,
  "access_token": "{access_token}",
  "scope": "openid",
  "id_token": "{open_id_token}"
}
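The three steps above (PKCE generation, the authorize redirect, and the callback plus token exchange) as an added example that is not part of this guide or of fabric's own code. The Identity host (IDENTITY_BASE), the {authServer} value, the client id and the redirect URI are assumed placeholders; it builds the requests and parses the callback offline, and also checks that the returned state matches the one sent, so a callback that this session did not start is rejected.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed placeholder values; replace with your own configuration.
IDENTITY_BASE = "https://identity.example.com"   # host in front of /oauth/{authServer}/v1/...
AUTH_SERVER = "default"                           # stands in for {authServer}
CLIENT_ID = "your_client_id"
REDIRECT_URI = "https://storefront.example.com/oauth/callback"


def _b64url(raw: bytes) -> str:
    """base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def code_challenge_for(code_verifier: str) -> str:
    """S256 method: base64url(SHA256(ASCII(code_verifier)))."""
    return _b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def make_pkce_pair() -> tuple[str, str]:
    """Return (code_verifier, code_challenge); 32 random bytes give a 43-char verifier."""
    verifier = _b64url(secrets.token_bytes(32))
    return verifier, code_challenge_for(verifier)


def build_authorize_url(code_challenge: str, state: str) -> str:
    """Step 1: the link the user's browser is redirected to."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": "openid",
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "code_challenge_method": "S256",
        "code_challenge": code_challenge,
    }
    return f"{IDENTITY_BASE}/oauth/{AUTH_SERVER}/v1/authorize?{urlencode(params)}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Step 2: pull the code from the callback URL; reject a state mismatch."""
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback was not started by this session")
    if "code" not in query:
        raise ValueError("callback carried no authorization code")
    return query["code"][0]


def build_token_request(code: str, code_verifier: str) -> tuple[str, str]:
    """Step 3: (url, form-encoded body) for the POST to the token endpoint."""
    body = {
        "client_id": CLIENT_ID,
        "code": code,
        "grant_type": "authorization_code",
        "redirect_uri": REDIRECT_URI,  # must equal the redirect_uri sent in step 1
        "code_verifier": code_verifier,
    }
    return f"{IDENTITY_BASE}/oauth/{AUTH_SERVER}/v1/token", urlencode(body)
```

Store the verifier and state server-side against the user's session between step 1 and step 3; the token response shown above is what the POST returns on success.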

Fetching the user's customer profile

Once you have obtained an access token for the user, you can fetch their customer profiles by making a request to GET http://{domain}/v1/user-party/user/{userId}

This returns the list of customer profiles associated with the logged-in user. See the next guide on creating customer profiles.