• Home
  • Pugpig Bolt
  • Authentication and Subscriptions

Authentication in Pugpig Bolt

Written by Benji Weiser

Updated at December 23rd, 2022

  • Pugpig Bolt
    Bolt apps Content and Workflows Bolt CMS Pugpig Distribution Service URLs, Domains and Linking Bolt Search Authentication and Subscriptions Bolt Analytics Push notifications Bolt Release Notes Debugging Advertising App stores
  • Pugpig Site
    Search URLs, Domains and Linking Content Management System Analytics SEO Advertising Consent Management Platform Site Release Notes Debugging Authentication and Subscriptions
  • Pugpig Archive
  • Working with Pugpig
    Pugpig Support Releasing new versions Pugpig Packs & Agreements Pugpig Policies
  • Pugpig Consulting
+ More

Table of Contents

User Authentication User Entitlement Direct Authentication vs Store Authentication Cross entitlement Testing your integration Troubleshooting

User Authentication

Authentication verifies the identity of a user, based on matching their credentials with ones that your auth provider has securely stored somewhere.

User Entitlement

Once a user has been authenticated and logged in, we then need to decide what they can access. There are 2 entitlement methods that we support. 

  1. Access based
  2. Issue based

Access based, the Netflix model, is when a user has access to everything or nothing, based solely on their subscription with you. We receive no information about any specific collections they should be able to access, only that they have access. Once the subscription expires, if they have not renewed, then they'll lose access to all content.

Issue based is when a user only has access to specific collections. We'll receive a list of entitled collections, usually the collection ID, and we'll allow access to content based on that list. This is usually determined by the date that the user's subscription began, and unlike access based, when/if their subscription expires, they'll still have access to content published within their subscription period.

By default we support access based for the app stores. Please speak to us if you wish to use issue based for the stores.

Direct Authentication vs Store Authentication

There are 2 journeys a user can go through to authenticate.

  1. Direct through your authentication provider
  2. By subscribing in-app and going through one of the respective stores

Almost always, if you have direct auth in your app, you'll also need store auth, because of app store regulations.

We support authentication via the app stores out of the box, and other than configuring in-app purchases, there's no additional work to be done to get it set up.

There are also various authentication providers that we have integrated into the Pugpig platform. If your auth solution comes from one of these providers then we may be able to get you set up with no cost or effort, just a few details. To check if your provider is one of our supported ones, check our available third party integrations article

If your provider is not one of our supported out of the box ones, you'll likely need to purchase an Authentication Pack.

---- Integration with your API

** Option 1: PKCE for Sign In

(briefly explain why we prefer it)

** Option 2: API for Sign In

  in this option Distribution is the federator

Verify Call/Entitlement Call

Cross entitlement

It's possible for you to link in-app purchases in your app to your existing auth provider. To do so we use a method called cross entitlement (or receipt postback). This allows users to either sign in with an existing account once subscribed in app, or to create a new account, so that they can access the app on other platforms.

Please refer to this article for more information about cross entitlement, including how to set it up on your back end.

Testing your integration

When we set up your auth integration, we'll create an addon on your Pugpig Distribution site, where we'll configure your auth and test it.

You can also test it on this page if you'd like using our test form. You'll be able to enter any valid login details, see what calls we're making to your auth provider, and see the responses received. This can be very useful to check where an issue lies, if there is one.

Troubleshooting

If something does go wrong with your auth, please see our welcome to support document which details steps to go through.

authentication pugpig bolt

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Alternative purchasing mechanisms for Bolt apps
  • Web-based authentication integrations in Pugpig apps using PKCE
  • Adding voucher (promo) codes for your mobile or web app
  • Integrating PKCE authentication & receipt postback for Piano
pugpig logo white
Navigation
  • Products
  • Customers
  • News
  • Podcast
Contact
  • Contact us
  • LinkedIn
  • Twitter
Technical Support
  • Status Page
  • Documentation
  • Customer Support
Corporate
  • Company
  • Jobs
  • Privacy Policy

© Kaldor Ltd. 2022

Powered by Pugpig

Expand