Login Broker

Login Broker
Features Pricing Sign up Login
Features Pricing Account Log out

Account and Configuration

Welcome @userEmail, you are ready to configure Login Broker for your app or website.

1. Tenant name

Choose a tenant name.

The tenant name cannot be changed later. It should be a short lowercase identifier for your company or app without spaces or special characters. Only letters are allowed.

Here are some examples for your inspiration: microsoft, reddit, amazon, netflix, quora

2. Fetch your API Key

The API Key appears here when you have chosen a tenant name.

YOUR_API_KEY_HERE

3. Add to your website or app

Add this script to your page:

<script src="https://cdn.jsdelivr.net/gh/Login-Broker/javascript@main/loginbroker.v1.js" />

USE IT LIKE THIS:

// Create a callback function to handle when a session is received
function handleSessionReceived(sessionId) {
  console.log('Received sessionId:', sessionId);
  // Verify the sessionId on your server-side or API and get the logged-in user email
}

// Create a callback function to handle errors
function handleErrorReceived(error) {
  console.log(‘Error happened:’, error);
}

// Create a new instance of the useLoginBroker function
const loginBroker = useLoginBroker(‘tenantName‘, ‘platform‘, handleSessionReceived, handleErrorReceived);

// Start the login process
loginBroker.startLoginProcess();

Where tenantName is the name you have chosen above.

And platform is google, facebook, microsoft, apple, linkedin or github.

If you cannot include a script or want to implement in another type of application, then you can follow this guide to implement it manually:

  1. Create a button or equivalent that the user must click to login
  2. When clicking the button, it should open a browser window.
    1. First generate a sessionId, which should be 15 random characters
    2. Then open a browser window on this address: https://social.login.broker/{tenantName}/auth/{platform}/session/{sessionId}
  3. The user is now signing in and you can check the status in two ways:
    1. Keep track of the window you opened. You can detect whether it is closed on the window.closed event
    2. Call the following endpoint to get the status: https://api.login.broker/{tenantName}/auth/status/{sessionId}
      1. This can be called from the client and will return just “pending”, “failed” or “completed”
  4. When the call is completed, send the {sessionId} from your own client to your own server-side to verify


Verify by following the step below

4. Verify

The result of the login is a “sessionId” which you need to send to your own api or handle in your server-side code. You cannot let the client verify itself.

From your server-side code, call the following endpoint:

GET https://api.login.broker/tenant-name/auth/result/sessionId

Where tenant-name is the tenant name you chose here.

And sessionId is the value you got from step 3 above.

Add a header Authorization with the value being the API Key (found above)

(If your server-side code insists on adding a “scheme” to your Authorization header, you can use the scheme: “Secret”)

The response is the following json document:

{
   "email": "The fully verified email id of the user",
   "tenantName": "your own tenant name",
   "platform": "google",
   "status": "pending or failed or completed",
   "error": ""
}

Need help? Contact nb@gyxi.com for questions or comments.