UniSignIn JavaScript API

Overview

UniSignIn provides a command queue for your application or website to communicate with the UniSignIn platform to control the UniSignIn UI or get the user data.

The following JavaScript snippet defines the initial UniSignIn command queue function, so it can be used even before the tag.js library is fully loaded.

window.unisignin = window.unisignin || {}
window.unisignin.cmd = window.unisignin.cmd || []

Display Sign Up modal

window.unisignin.cmd.push(['signup'])

Pass optional variables, the optional variables are used to pass context info or control the message displaying on the modal box.

window.unisignin.cmd.push(['signup', STAGE, EXPERIENCE_ID, CONTEXT_ID])
  • STAGE: display different stages of the modal box based on ID, keep it as '' if you don't want to use stage
  • EXPERIENCE_ID: track which Experience triggered the modal box, keep it as '' of you don't want to track Experience
  • CONTEXT_ID: display a contextual message on the modal box based on ID, keep it as '' if you like to display the default message at account center modal box

Display Login Modal

window.unisignin.cmd.push(['show_dialog', 'login'])

Display My Home Modal for the logged in users

window.unisignin.cmd.push(['show_dialog', 'home'])

Get the status of the current user

window.unisignin.cmd.push([
  'getUser',
  function (user) {
    console.log(user)
  },
])

Example response:

{
  "uid": 1955831132,
  "isLogin": true,
  "adblocker": 0
}

Listen for user status changes

window.unisignin.cmd.push([
  'register_event',
  'user_update',
  function () {
    // update UI
  },
])

Get the SSO token of the authenticated user

SSO token is an envelope contains the user info and signature.

The signature of SSO_TOKEN can be verified by SSO_PRIVATE_KEY. It can be used for exchanging user data and user login status with the user system of your application.

window.unisignin.cmd.push([
  'get_sso_token',
  'SSO_PUBLIC_KEY',
  function (data) {
    if (data.status) {
      console.log(JSON.parse(atob(data.token)))
    }
  },
])

Example response:

{
    email: "[email protected]"
    first_name: "First"
    full_name: ""
    last_name: "Last"
    public_key: "SSO_PUBLIC_KEY"
    signature: "TOKEN_SIGNATURE"
    uid: 12345676,
}
  • email: Email of the current user
  • public_key: The same SSO_PUBLIC_KEY used to issue the request
  • signature: TOKEN_SIGNATURE is calucated with sha512(email + '-' + SSO_PRIVATE_KEY)
  • uid: User ID of UniSignIn platform

Verify the signature of SSO token

The verification should be done on the server-side. Never expose your SSO_PRIVATE_KEY to the public.

You have to verify the signature of the data to confirm the data is coming from UniSignIn platform by calculating signature with email and SSO_PRIVATE_KEY.

TOKEN_SIGNATURE ===
  crypto
    .createHash('sha512')
    .update(email + '-' + SSO_PRIVATE_KEY)
    .digest('hex')
TOKEN_SIGNATURE === hash('sha512', $user->email . '-' . SSO_PRIVATE_KEY);