Auto Login Specification for Pugpig Bolt Web Reader
Table of Contents
Bolt Web supports the ability to automatically sign users in if they're already signed in to another specified website. A key use case for this is customers using Bolt Web as their solution for edition reading, while the rest of their content or experience is hosted elsewhere.
This doc details how this needs to be set up across both Bolt Web and the other site(s) in order to work seamlessly.
Auto login via a cookie
1. Auth Setup
Both the Client Website and Pugpig Bolt Web reader should have authentication fully configured (so theoretically we can login via the user interface if needed).
2. Cross Domain Cookie
Once logged in, the client website should drop a cross-domain cookie containing the authentication token.
The cookie should be made accessible to the Pugpig Bolt Web domain (e.g. app.clientname.com).
The cookie name should preferably be human readable such as: _client-session-token.
3. Notification of Cookie Name
Pugpig should be notified of the cookie name so that the product can be configured to read from it when it exists.
4. Login Verification
If the setup is correct, when a Bolt Web reader is visited, it should verify the token and log in using the cookie. Once you have provided us with the cookie name we will test end to end and confirm everything is working as expected.
Alternative mechanism - auto login via query parameter
If signing users in via a cross-domain cookie isn't suitable for your purposes, we can also configure the web reader to sign users in based on an authentication token passed on a query string.
For example if you're sending users from your website or app to https://app.yourpublication.com, you would append (for example) ?access_token=<token> to that URL.
Note that the token you send must be recognised by the subscription system your web reader is already integrated with, or we can discuss adapting your existing setup.