The principles behind remote authenication
Remote authentication works by a secret shared between you and vLex, called the authentication token. This secret is used by a piece of code placed in your server to generate a link to vLex that includes this information:
- the name of the user
- the e-mail of the user
- your account ID in vLex
- a timestamp of when has the link been created
- a "hash" parameter that's computed from the rest of the parameters plus the shared authenication token. This hash parameter lets us validate that the user has been pre-authenticated by you.
When the user clicks on the link vLex will check that the link is valid and the hash value correct, and if that's the case one of this two things will happen:
- if there's already an account in vLex with this email address, the user will be logged in to this account
- if there's not yet any user with this email address, a new account will be automatically created and the user will be loged in to this new account
What do I need to do?
You need to create a page in your private website. This page must check that the user is correctly logged in to you private website, and if that's the case, make an HTTP redirect to the authenticated link.
How is the link built?
vLex provides sample code so you don't need to program it. But if you want to program your own code this is how it's done:
- The url of the link must be http://vlex.com/session/remote_auth
- The link must contain this GET parameters
- name: the name of the user. For example: John Smith
- email: the email of the user
- timestamp: the moment when the link is generated, encoded as seconds since the Unix Epoch. For example: 1049896564
- account_id: your accoutn ID in vLex. It will proveed to you when activating the remote authentication option from your account.
- hash: the value used to validare the rest of the fields. It is computed as:
Were "+" represents string concatenation. Take into account that to the hash value is sensitive to the order of the fields.
Token is the shared secret between you and vLex. You will be given this value when activating the the remote authentication option from your account.
Where is the sample code
It's available at http://github.com/vlex/remote_auth
If your programming language of choice it's not included do not hesitate to contact firstname.lastname@example.org.