UniSignIn JavaScript API

Overview

UniSignIn provides a command queue for your application or website to communicate with the UniSignIn platform to control the UniSignIn UI or get the user data.

The following JavaScript snippet defines the initial UniSignIn command queue function, so it can be used even before the tag.js library is fully loaded.

window.unisignin = window.unisignin || {}
window.unisignin.cmd = window.unisignin.cmd || []

window.unisignin.cmd.push(['signup'])

Pass optional variables, the optional variables are used to pass context info or control the message displaying on the modal box.

window.unisignin.cmd.push(['signup', STAGE, EXPERIENCE_ID, CONTEXT_ID])

STAGE: display different stages of the modal box based on ID, keep it as '' if you don't want to use stage
EXPERIENCE_ID: track which Experience triggered the modal box, keep it as '' of you don't want to track Experience
CONTEXT_ID: display a contextual message on the modal box based on ID, keep it as '' if you like to display the default message at account center modal box

window.unisignin.cmd.push(['show_dialog', 'login'])

window.unisignin.cmd.push(['show_dialog', 'home'])

Get the status of the current user

window.unisignin.cmd.push([
  'getUser',
  function (user) {
    console.log(user)
  },
])

Example response:

{
  "uid": 1955831132,
  "isLogin": true,
  "adblocker": 0
}

Listen for user status changes

window.unisignin.cmd.push([
  'register_event',
  'user_update',
  function () {
    // update UI
  },
])

Get the SSO token of the authenticated user

SSO token is an envelope contains the user info and signature.

The signature of SSO_TOKEN can be verified by SSO_PRIVATE_KEY. It can be used for exchanging user data and user login status with the user system of your application.

window.unisignin.cmd.push([
  'get_sso_token',
  'SSO_PUBLIC_KEY',
  function (data) {
    if (data.status) {
      console.log(JSON.parse(atob(data.token)))
    }
  },
])

Example response:

{
	email: "[email protected]"
	first_name: "First"
	full_name: ""
	last_name: "Last"
	public_key: "SSO_PUBLIC_KEY"
	signature: "TOKEN_SIGNATURE"
	uid: 12345676,
}

email: Email of the current user
public_key: The same SSO_PUBLIC_KEY used to issue the request
signature: TOKEN_SIGNATURE is calucated with sha512(email + '-' + SSO_PRIVATE_KEY)
uid: User ID of UniSignIn platform

Verify the signature of SSO token

Note

The verification should be done on the server-side. Never expose your SSO_PRIVATE_KEY to the public.

You have to verify the signature of the data to confirm the data is coming from UniSignIn platform by calculating signature with email and SSO_PRIVATE_KEY.

TOKEN_SIGNATURE ===
  crypto
    .createHash('sha512')
    .update(email + '-' + SSO_PRIVATE_KEY)
    .digest('hex')

TOKEN_SIGNATURE === hash('sha512', $user->email . '-' . SSO_PRIVATE_KEY);

The SSO token used to login the user into UniSignIn's system:

{
  email: "[email protected]"
  first_name: "First"
  full_name: ""
  last_name: "Last"
  public_key: "SSO_PUBLIC_KEY"
  signature: "TOKEN_SIGNATURE"
}

email: Email of the current user
public_key: The same SSO_PUBLIC_KEY used to issue the request
signature: TOKEN_SIGNATURE is calucated with sha512(email + '-' + SSO_PRIVATE_KEY)

Then the SSO token should be encrypted with base64 (using UTF8 encoding).

window.unisignin.cmd.push(['sso_login', 'sso token', callback])

UniSignIn will verify the signature to confirm the data is coming from your authentication system and return:

{"status": 1}
// or
{"status": 0}

Trace events

Send data analysis event:

window.unisignin.cmd.push(['trace', 'EVENT_NAME', KV]);