Regular Web App
This guide demonstrates how to integrate a regular web app with SkyJoy for authentication. SkyJoy allows you to quickly add authentication to almost any application type. By following this guide, you can enhance your web app's security and user management.
To proceed, you'll need to obtain the necessary Client Credentials. These credentials are essential for authenticating your web app with SkyJoy.
Contact () to get Client Credentials.
In a regular web application:
1. Your web browser requests access.
2. Your App Server redirects the user to the SkyJoy Authentication Site.
3. The user enters their info.
4. The SkyJoy Authentication Site sends the user info to the SkyJoy Authentication Server.
5. The SkyJoy Authentication Server calls back to your App Server with the Authorization Code.
6. Your App Server requests to exchange the Authorization Code for the User Access Token / Refresh Token.
7. The SkyJoy Authentication Server responds with the User Token.
For the authentication server, use the Base URL below:
This section will provide step-by-step instructions for integrating your web app with SkyJoy for authentication.
To enable users to log in, your application will redirect them to the Authentication page. Initiate the authentication process by constructing an authentication URL with the following parameters:
Parameter

| Parameter name | Description |
| --- | --- |
| baseURL | The URL of the SkyJoy authentication server |
| clientId | Your unique client identifier obtained from the SkyJoy team |
| redirectUri | The URL to which SkyJoy will redirect the user after successful authentication |
| scopes | Contains the value 'openid dob phone profile email' |
| state | Contains the value 'your-random-state-value'. You can generate a random value for CSRF protection. |
| nonce | Contains the value 'your-random-nonce-value'. You can generate a random value for ID Token replay protection. |
Sample
The UI of the SkyJoy login page when directing users to the authentication site.
After the user completes the authentication on the SkyJoy page, they will be redirected back to your web app's redirectUri. Here's how you can handle the authentication flow:
The handleToken function is called when users are redirected back to your redirectUri. It checks for the presence of an authorization code in the URL.
If a code is present, it can be used to request an access token and then get the user's identity. If the code is absent or invalid, you can handle the authentication failure as needed.
To exchange the authorization code for an access token and refresh token, the client application performs a POST request to the SkyJoy Authentication Server.
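The following is an added example, not SkyJoy's own code: it generates the state and nonce values from the parameter table and has the callback handler reject a response whose state does not match before the code is used. It assumes the standard OpenID Connect query parameter names, a hypothetical server-side `session` object, and a placeholder authorization endpoint, since the page does not show the real one.

```javascript
// Added example (not SkyJoy's code): state/nonce handling for the redirect flow.
const crypto = require('node:crypto');

// Placeholder endpoint: the page does not give the authorization URL.
const AUTH_ENDPOINT = 'https://auth.example.test/authorize';

// Build the login URL and return the values that must be stored in the
// user's server-side session until the callback arrives.
function buildAuthRequest({ authEndpoint, clientId, redirectUri }) {
  const state = crypto.randomBytes(32).toString('base64url');
  const nonce = crypto.randomBytes(32).toString('base64url');
  const url = new URL(authEndpoint);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: 'openid dob phone profile email',
    state,
    nonce,
  }).toString();
  return { url: url.toString(), state, nonce };
}

// Constant-time comparison so the check does not leak matching prefixes.
function safeEqual(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Validate the callback before the code is sent to the token endpoint.
// `session` is a hypothetical per-user server-side store.
function handleToken(callbackUrl, session) {
  const params = new URL(callbackUrl).searchParams;
  const expected = session.state;
  delete session.state; // single use: a replayed callback must fail
  if (params.has('error')) return { ok: false, reason: params.get('error') };
  const states = params.getAll('state');
  if (!expected || states.length !== 1 || !safeEqual(states[0], expected))
    return { ok: false, reason: 'state_mismatch' };
  const codes = params.getAll('code');
  if (codes.length !== 1 || codes[0] === '')
    return { ok: false, reason: 'missing_code' };
  return { ok: true, code: codes[0], nonce: session.nonce };
}
```

The returned `nonce` is kept so it can be compared with the nonce claim of the ID Token once the code has been exchanged.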
Sample
Now that your users can log in, you will likely want to be able to retrieve the profile associated with authenticated users. For example, you may want to be able to personalize the user interface by displaying a logged-in user’s name or phone number.
This method provides user information through the access token. The client application sends a GET request to the specified URL with the access token included in the Authorization header. The server responds with the user's profile data in JSON format, including various user attributes such as Sky ID, email verification status, full name, or phone number.

GET {{base_url}}/protocol/openid-connect/userinfo

| Name | Type | Value |
| --- | --- | --- |
| Authorization* | String | Bearer {{user_access_token}} |
| app-id* | | {{client-id}} |
To properly handle logout, we need to clear the session and log the user out of SkyJoy. The client application sends a POST request to the specified URL with the user's refresh token provided in the body. The server responds with a success message indicating the user has been logged out successfully.

POST {{base_url}}/protocol/openid-connect/logout

| Name | Type | Value |
| --- | --- | --- |
| Content-Type* | String | application/x-www-form-urlencoded |
| app-id* | String | {{client-id}} |
| client_id* | String | {{client-id}} |
| refresh_token* | String | <user refresh token> |