This document explains sample JavaScript code snippets for Token Based Authentication in separate sections below.


Authentication process

The authentication process is given below:
  • If a user is already logged in to the merchant website, we do not want the user to go through the authentication process again for ShopSocially’s Loyalty Program. We want the user to seamlessly become a ShopSocially Loyalty Program user. Token Based Authentication serves this purpose.
  • In Token Based Authentication, you pass us a token that should ideally be generated differently for each session, yet at any given time uniquely identifies a logged-in user (just like a session identifier).
  • ShopSocially will then read this token and make a GET request to the merchant’s endpoint (which the merchant needs to implement). The endpoint is expected to read the token and return the required user information in the response. Refer to Figure: Authentication Process, which explains the entire process.

Figure: Authentication Process

  • Along with the seamless authentication of a merchant’s user into ShopSocially’s loyalty program, we also need seamless logout functionality, so that when a user is logged out of the merchant’s website, the user is logged out of ShopSocially as well.
  • For this purpose, ShopSocially provides a JavaScript logout functionality.
  • Pseudo-code JavaScript snippets for handling both the authentication and logout scenarios are given below. These are ready-to-use snippets. You just need to insert the logic that determines whether a user is logged in to the merchant website and the logic that gets the access token that uniquely identifies a logged-in user.

JavaScript pseudo-codes for Authentication and Logout

The details of the JavaScript pseudo-codes for Authentication and Logout, and sample code are given below:
  • This code can go on all the pages that load the ShopSocially all.js JavaScript.
  • This pseudo-code contains the JavaScript code for authentication and also handles the logout functionality.
  • Please note that this is just sample pseudo-code, and the developer implementing it will need to make the necessary amendments wherever suggested (in italics).

<script language="javascript" type="text/javascript">
    var user_info = {};
    var is_user_logged_into_merchant_website = <true or false depending on whether a user is logged into merchant site>;
    user_info.access_token = <set access token here. It is recommended that the access token be different for different sessions yet should uniquely identify a user at any given time>;

    /* Define the function */
    var authenticate_ss_loyalty_user = function () {
        if (typeof ss_mi === 'undefined') {
            /* ss_mi is not defined yet; retry in one second */
            return setTimeout(authenticate_ss_loyalty_user, 1000);
        } else if (!ss_mi.is_loyalty_user_logged_in()) {
            ss_mi.authenticate_loyalty_user(user_info);
        }
    };

    /* Call the above defined function if the user is logged into the merchant website */
    if (is_user_logged_into_merchant_website) {
        authenticate_ss_loyalty_user();
    }

    /* Loyalty authentication success and failure handlers. To override ShopSocially's
       default success and failure handlers, these two have to be present */
    window.ssmi_authenticate_loyalty_user_success_handler = function () {
    };
    window.ssmi_authenticate_loyalty_user_failure_handler = function () {
    };

    /* Define the logout function */
    var check_and_logout_ss_user = function () {
        var is_user_logged_in_to_merchant_website = <true or false depending on whether a user is logged into merchant site>;
        if (!is_user_logged_in_to_merchant_website) {
            if (typeof ss_mi === 'undefined') {
                /* ss_mi is not defined yet; retry in one second */
                return setTimeout(check_and_logout_ss_user, 1000);
            } else {
                if (!ss_mi.partner_id) {
                    /* partner_id is not set yet; retry in one second */
                    return setTimeout(check_and_logout_ss_user, 1000);
                } else {
                    var isloyaltyUserLoggedIn = ss_mi.is_loyalty_user_logged_in();
                    if (isloyaltyUserLoggedIn == true) {
                        ss_mi.logout_loyalty_user();
                    }
                }
            }
        }
    };

    /* Call the function */
    check_and_logout_ss_user();

    /* The blank functions need to be present on the page so that ShopSocially's default handlers are overridden */
    window.ssmi_logout_loyalty_user_success_handler = function () {
        /* blank function */
    };
    window.ssmi_logout_loyalty_user_failure_handler = function () {
        /* blank function */
    };
</script>

Pseudo-code for Loyalty User Endpoint

The details of the pseudo-code for the Loyalty User Endpoint, and sample code, are given below:
  • For Token Based Authentication, the Loyalty User Endpoint URL must be specified in the ShopSocially Merchant Center > Loyalty > Dashboard Config > User Endpoint field.
  • ShopSocially will make a GET request to this URL at the merchant’s end with the access token as a request parameter.
  • Below is a sample URL and Python pseudo-code that shows the function that is expected from this endpoint:
http://merchantwebsite.com/ssauth/getmerchantUser 

import json

# `request` is the current request object provided by the merchant's web framework.
# MERCHANT_PARTNER_ID is a placeholder for the merchant's ShopSocially partner ID.
def getMerchantUser():
    user = {'first_name': '', 'last_name': '', 'email': '', 'uid': ''}
    partner_id = request.params.get('merchant_id', None)
    access_token = request.params.get('access_token', None)
    if partner_id == MERCHANT_PARTNER_ID:
        # Get the merchant user from the DB that corresponds to this access_token
        merchant_user = getMerchantUserFromDB(access_token)
        user['first_name'] = merchant_user.first_name
        user['last_name'] = merchant_user.last_name
        user['email'] = merchant_user.email
        user['uid'] = merchant_user.id
        # uid is supposed to be the unique identifier that identifies a single user.
        # The difference between uid and access_token is that uid is the primary key
        # that identifies a unique user in the database, whereas access_token
        # identifies a unique user for any login session. So, for one user, the access
        # token could be different for all the different times the user logs in (just
        # like a session identifier), but uid will be the same all the time.
    return json.dumps(user)
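
The token properties from the Authentication process section and the endpoint contract above, combined in one runnable sketch. This is an added example, not ShopSocially's code or part of the original pseudo-code. The in-memory session store, the placeholder partner ID, the 30-minute lifetime, the function names, and the status codes and error bodies returned on failure are all assumptions, since the page does not specify a failure response.

```python
import json
import secrets
import time

# Assumed values for this example only; none of them come from ShopSocially.
PARTNER_ID = "PLACEHOLDER_PARTNER_ID"
TOKEN_TTL_SECONDS = 1800
# Constructed sample user table, keyed by uid (the stable primary key).
USERS = {42: {"first_name": "Ada", "last_name": "Example", "email": "ada@example.com"}}
SESSIONS = {}  # access_token -> (uid, expiry timestamp)


def issue_access_token(uid, now=None):
    """Create a fresh random token at merchant login; every login gets a new one."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = (uid, now + TOKEN_TTL_SECONDS)
    return token


def revoke_access_token(token):
    """Call on merchant logout so the token stops resolving to a user."""
    SESSIONS.pop(token, None)


def get_merchant_user(params, now=None):
    """Handle the GET request parameters; returns (HTTP status, JSON body)."""
    now = time.time() if now is None else now
    partner_id = params.get("merchant_id") or ""
    token = params.get("access_token") or ""
    if partner_id != PARTNER_ID:
        return 403, json.dumps({"error": "unknown partner"})
    session = SESSIONS.get(token)
    if session is None or session[1] <= now:
        SESSIONS.pop(token, None)  # drop the entry if it was expired
        return 401, json.dumps({"error": "invalid or expired token"})
    uid = session[0]
    # uid stays the same across sessions; only the access token changes.
    return 200, json.dumps(dict(USERS[uid], uid=uid))
```

Passing `now` explicitly makes the expiry behaviour reproducible; a production store would be a database or cache shared by the login handler and the endpoint.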