Authentication in Pugpig Bolt
User Authentication
Authentication verifies a user's identity by matching the credentials they supply against those that your auth provider has securely stored.
User Entitlement
Once a user has been authenticated and logged in, we then need to decide what they can access. There are 2 entitlement methods that we support.
- Access based
- Issue based
Access based, the Netflix model, is when a user has access to everything or nothing, based solely on their subscription with you. We receive no information about any specific collections they should be able to access, only that they have access. Once the subscription expires, if they have not renewed, then they'll lose access to all content.
Issue based is when a user only has access to specific collections. We'll receive a list of entitled collections, usually the collection ID, and we'll allow access to content based on that list. This is usually determined by the date that the user's subscription began, and unlike access based, when/if their subscription expires, they'll still have access to content published within their subscription period.
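The difference between the two models once a subscription lapses, as an added example (not Pugpig code). The `Subscription` and `Collection` records, the function names, and the rule that issue based entitlement covers collections published between the subscription's start and end dates are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Subscription:              # hypothetical record held by the auth provider
    start: date
    end: date                    # last day the subscription is valid

@dataclass(frozen=True)
class Collection:                # hypothetical catalogue entry
    collection_id: str
    published: date

def access_based(sub: Optional[Subscription], today: date) -> bool:
    """All or nothing: true only while the subscription is current."""
    return sub is not None and sub.start <= today <= sub.end

def issue_based(sub: Optional[Subscription], catalogue: list, today: date) -> set:
    """IDs published inside the subscription period; the list survives expiry."""
    if sub is None or today < sub.start:
        return set()             # deny by default: no subscription, or not started
    cutoff = min(sub.end, today)
    return {c.collection_id for c in catalogue
            if sub.start <= c.published <= cutoff}

def readable(mode: str, sub: Optional[Subscription], catalogue: list, today: date) -> set:
    """Collections a logged-in user may open under the chosen model."""
    if mode == "access":
        if not access_based(sub, today):
            return set()
        # Assumption: content dated in the future is not yet readable.
        return {c.collection_id for c in catalogue if c.published <= today}
    if mode == "issue":
        return issue_based(sub, catalogue, today)
    raise ValueError(f"unknown entitlement mode: {mode!r}")

# Constructed sample data.
CATALOGUE = [
    Collection("2023-12", date(2023, 12, 1)),
    Collection("2024-01", date(2024, 1, 1)),
    Collection("2024-02", date(2024, 2, 1)),
    Collection("2024-04", date(2024, 4, 1)),
]
SUB = Subscription(start=date(2024, 1, 1), end=date(2024, 3, 31))

if __name__ == "__main__":
    for day in (date(2024, 2, 15), date(2024, 5, 1)):
        for mode in ("access", "issue"):
            print(day, mode, sorted(readable(mode, SUB, CATALOGUE, day)))
```

Running it shows the access based user losing every collection after 31 March, while the issue based user keeps the two collections published during the subscription and never gains the one published afterwards.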
Article level entitlement
For issue based auth we now support more granular control, allowing you to give users access to specific pieces of content as well as whole editions and timelines.
If interested, please reach out to us to discuss implementation.
By default we support access based for the app stores. Please speak to us if you wish to use issue based for the stores.
Direct Authentication vs Store Authentication
There are 2 journeys a user can go through to authenticate.
- Direct through your authentication provider
- By subscribing in-app and going through one of the respective stores
Almost always, if you have direct auth in your app, you'll also need store auth, because of app store regulations.
We support authentication via the app stores out of the box, and other than configuring in-app purchases, there's no additional work to be done to get it set up.
There are also various authentication providers that we have integrated into the Pugpig platform. If your auth solution comes from one of these providers then we may be able to get you set up with no cost or effort, just a few details. To check if your provider is one of our supported ones, see our available third party integrations article.
If your provider is not one of our supported out of the box ones, you'll likely need to purchase an Authentication Pack.
Web-based PKCE auth
We very strongly recommend PKCE over a native login flow. It is more secure, compliant with industry standards and best practices, integrates well with other flows and is supported by most major auth providers. It will also cost less to develop and can be rolled out faster. If you're interested in Web-based authentication integrations in Pugpig apps using PKCE, we have a whole detailed doc on it.
Cross entitlement
It's possible for you to link in-app purchases in your app to your existing auth provider. To do so we use a method called cross entitlement (or receipt postback). This allows users to either sign in with an existing account once subscribed in app, or to create a new account, so that they can access the app on other platforms.
Please refer to this article for more information about cross entitlement, including how to set it up on your back end.
Testing your integration
When we set up your auth integration, we'll create an addon on your Pugpig Distribution site, where we'll configure your auth and test it.
You can also test it on this page, if you'd like, using our test form. You'll be able to enter any valid login details, see what calls we're making to your auth provider, and see the responses received. This can be very useful for checking where an issue lies, if there is one.
Troubleshooting
If something does go wrong with your auth, please see our welcome to support document, which details the steps to go through.