You are not logged in.   Log in | Register
Recent pages

Edit
page

New
page

Print
page
Page last modified 14:25, 17 Mar 2010 by shirly
0
Page Notifications Off
Redirect
Gigya's Developer Documentation > API Reference > Client API (JavaScript & AS3) > Methods > socialize.notifyLogin

socialize.notifyLogin

From $1

Description

This API method notifies the Gigya Socialize service that the user has been authenticated by the site. We recommend calling this method when a user logs in to your site using your own login system (the site's username and password).

The notifyLogin call registers a new user in Gigya Socialize, in case the siteUID parameter provided is new, or reconnects a returning user in case the siteUID already exists in our records.

It is essential to call notifyLogin if you are enabling users in your site to connect to social networks via Gigya (using socialize.showConnectUI or socialize.connect). The notifyLogin call allows Gigya to associate the current user's social connections with the User ID you have designated to this user. This association has several benefits:

  • Any connections the user makes to social networks will be associated with the site account. The social graph will be automatically made available the next time the user logs in to the site.
  • In calls to socialize.getUserInfo and socialize.getFriendsInfo Gigya will return your own User ID as the UID for this user.
  • Gigya will set the isSiteUser flag for this user to "true", thus even if this user is referred to as a friend of another user you can easily tell he is a user of your site and not just a friend of the visiting user.

 Please read more about integrating GS authentication and the implementation flow in our Authentication developer's guide.

 

Security Requirements

Gigya Socialize supports a mechanism to verify the authenticity of the notifyLogin call. This mechanism is used to prove that the call is in fact coming from your site, in order to prevent fraud.

We require every notifyLogin call to be signed using a HMAC-SHA1 signature. The "signature" parameter (see table of parameters below) is defined for this objective, and is a required parameter. Gigya will verify the authenticity of the signature parameter to prove that it is in fact coming from your site and not from somewhere else.

Follow the instructions in Constructing a Signature to set the signature parameter of the notifyLogin call, and make the API call as soon as possible after that to prevent the signature from expiring.

 

Syntax

gigya.services.socialize.notifyLogin(conf,params)

 

Method parameters

conf object

Please refer to the Conf object page for full specifications.

params object members

Required Name Type Description
Required siteUID string A unique identifier used by your site to identify the user. You may use the user's account ID that you have designated for this user in you database.
  timestamp string The current GMT time when request is made. The expected format is the Unix time format (i.e. the number of seconds since Jan. 1st 1970). Gigya will check the time difference between the timestamp and the time on Gigya's server when the notifyLogin request is received. If the time difference is more than 5 minutes, then the request is considered forged.
  signature   A HMAC-SHA1 signature proving the authenticity of the data. See the "Security Requirements" above for more details.
Optional callback function A reference to a callback function. Gigya will call the specified function along with the results of the API method when the API method completes.
The callback function should be defined with the following signature: functionName(response)
The "Response object Data Members" table below provides specification of the data which is passed to the callback function.
  cid string A string of maximum 100 characters length. This string will be associated with each transaction and will later appear on reports generated by Gigya, in the "Context ID" combo box. The cid allows you to associate the report information with your own internal data, for example, to identify a specific widget or page on your site/application. The "Context ID" combo box lets you filter the report data by site/application context.
Note: the value of this parameter overrides the value of the identical parameter in the Conf object.
  context object A developer-created object that will be passed back unchanged to the application as one of the fields in the response object.
  sessionExpiration integer This parameter defines the time in seconds that Gigya should keep the login session valid for the user. To end the session when the browser closes, please assign the value '0'. If this parameter is not specified, the session will be valid forever.

 

Response object Data Members

Field Type Description
errorCode integer The result code of the operation. Code '0' indicates success, any other number indicates failure. For a complete list of error codes, see the Error Codes table.
errorMessage string A short textual description of an error, associated with the errorCode, for logging purposes.
operation string The name of the API method that generated this response.
context object The context object passed by the application as parameter to the API method, or null if no context object has been passed.
user User object User object with updated information for the current user. The information includes (among other), a list of the providers which the user is currently connected to.

 

Code Sample

var conf = {
    APIKey:'2_fA4cZD0cEmxKUjDdNai8hyK4fZ-Jq7w4qm1x-pkS-7E6NDm90gAmrdcugVoaewUS'
};

var secret = 'Put your secret key here'; // Obtain your secret key from the 'Site Setup' page on Gigya's website
var yourSiteUid= 'sdfsdfsd'; // siteUID should be retrieved from your user management system

function your_b64_hmac_sha1(secret, datePlusSite) { 
    var b64Sig = ''; // Place your implementation here ... 
    return b64Sig; 
}
 
function printResponse(response) {
    if ( response.errorCode == 0 ) {
        alert('After notifyLogin');    
    }
}

var dateStr = getCurrentTime();  // Current time in Unix format (i.e. the number of seconds since Jan. 1st 1970)
var datePlusSite = dateStr + "_" + yourSiteUid;
var yourSig = your_b64_hmac_sha1(secret, datePlusSite);

var params={
    siteUID:yourSiteUid,
    timestamp:dateStr,
    signature:yourSig,
    callback:printResponse
};

gigya.services.socialize.notifyLogin(conf,params);
function your_b64_hmac_sha1(secret:String, datePlusSite:String):String { 
    var b64Sig:String = ''; // Place your implementation here ... 
    return b64Sig; 
}
 
function printResponse(response:Object):void {
    if (response.errorCode == 0) {
        trace('After notifyLogin');    
    }
}

function notifyLogin():void {
	var conf:Object = {
		mcRoot:this.root,
		APIKey:'2_fA4cZD0cEmxKUjDdNai8hyK4fZ-Jq7w4qm1x-pkS-7E6NDm90gAmrdcugVoaewUS'
	};

	var secret:String = 'Put your secret key here'; // Obtain your secret key from the 'Site Setup' page on Gigya's website
	var yourSiteUid:String= 'sdfsdfsd'; // siteUID should be retrieved from your user management system
        var dateStr:String = getCurrentTime();  // Current time in Unix format (i.e. the number of seconds since Jan. 1st 1970)
	var datePlusSite:String = dateStr + "_" + yourSiteUid;
	var yourSig:String = your_b64_hmac_sha1(secret, datePlusSite);

	var params:Object={
		siteUID:yourSiteUid,
		timestamp:dateStr,
		signature:yourSig,
		callback:printResponse
	};

	gigya.services.socialize.notifyLogin(conf,params);
}

Notes:
  • This sample is not meant to be fully functional code. For brevity's sake, only the code required for demonstrating the API call itself is presented.
  • The API key in the sample will only work on http://localhost/...
  • To run the code on your own domain, modify the API key in the example to your own API key. A Gigya API Key can be obtained on the Site Setup page on Gigya's website. Please make sure that the domain you are loading the page from is the same domain name that you used for generating the API Key.
  • In some cases it is necessary to connect the user to a provider? prior to calling the API method. For connecting the user to a provider, you may use the Connect API method call or the pre-built Connect Widget.
  • Best practice is, to define one global conf object and use it throughout the application.

 

Tags:
Files (0)
 

 
© 2007 - 2010 Gigya Inc.
  • Home
  • About
  • Blog
  • Forum
  • Contact
  • Privacy Policy
  • Terms of service
    		•
    Powered by MindTouch Core v.9.02.4