La Diaria: REST API Authentication Integration
Introduction
This document describes how the La Diaria store delegates user authentication to a client-owned REST API. After the external service validates the credentials, we create or link the user account and issue a secure JSON Web Token (JWT) so that the customer can access Publica.la seamlessly.
Integration Route
Endpoint: /612/embeddable-login-ui/
Integration Description
The La Diaria client owns a La Diaria Virtual Store and the authentication integration is carried out through communication with an external server (REST API) owned by the client. This server is responsible for authenticating users.
To efficiently manage authentication, a REST API-based integration is implemented.
Authentication Process
- When a user wants to authenticate, the system displays a Livewire form where they enter their identification data.
- Once entered, the credentials are validated against the remote REST API server, which indicates whether the user has access permissions or not.
- Once authentication is complete, the system returns the information needed to grant the user access to Publica.la.
Full Authentication Flow
- The user (guest) enters the store.
- The user presses "Log in".
- Integration loading:
  - The login form is displayed.
  - The user submits the form; the integration checks whether the credential is a secondary key, and otherwise attempts to authenticate against the REST API server.
  - The integration processes the user's verification and validation data, taking what is necessary to authenticate the user in the store.
- A JWT is generated with the email and the external_id of the user to log in to Publica.la:
  - If the user does not exist, a new user is created.
  - If the user already exists, they are linked through the email and external_id.
- The information is sent via postMessage to the host that contains the iframe:
  - In the App, the Token is used.
  - In Web, it is identified with an Auth Token (documentation).
- The user remains logged in within the platform.
- If the user decides to log out:
  - The session is closed in the store.
  - They can restart the authentication flow if they wish.