What is needed to integrate with a new authentication service for your app
Below is a list of what we need to integrate your authentication service with Pugpig, and we also have a general overview of how authentication works in Bolt.
This work is typically undertaken by Pugpig as part of a project, or under your support agreement. Post-launch maintenance of non-productised auth integrations is carried out under support, or is covered by your Enterprise agreement if you have one.
Before integration work can begin we need:
- Confirmation of whether you are using a web-based authentication OAuth/PKCE flow for the sign-in step (which we strongly recommend) instead of a direct API call. You will also need to read and understand this document:
- An HTTPS API that can be accessed from our Distribution platform. At a minimum we need:
  - if NOT using a PKCE flow, the ability to send user credentials to the API (usually username/email and password as well as a unique device ID), with the API responding yes, no or with more information about the user's entitlements. Ideally the login call returns a token, which can be used for subsequent calls to the API. This is called when a user signs into the app.
  - an entitlements endpoint that takes the user token and returns information about the user's entitlements. This is called every time a user opens the app.
- High level documentation explaining the API. For example, explain if the system is access based (an active user gets all content) or issue/time based (an active user only gets a limited set of editions).
- Access to a working endpoint - this can be a staging or production endpoint. Production is safe as the integration only makes read-only calls; it doesn't write or change any data.
- An example of every kind of user you have (active/lapsed/blacklisted/print only/etc.)
- Any business rules explaining how we should interpret the responses, although hopefully most of this is handled by the origin subscription system
- Session times should be infinite, or otherwise very long, so that users do not get logged out
- If the endpoint is restricted by IP address, and Kaldor are doing the integration on the Clouds Distribution Platform, you'll need to open access to our IP addresses: https://docs.pugpig.com/urls-domains-and-linking/208008576-Distribution-Overview-Pugpig-IP-ranges
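
A sketch of the minimum non-PKCE contract described in the list above (a login call that returns a token, then a token-only entitlements call), added here as an example and not Pugpig's or any subscription system's own code. The function names, response fields, status values and sample accounts are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

SALT = b"constructed-demo-salt"  # assumption: a real service uses a random salt per user

def hash_pw(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed sample accounts: one per kind of user the checklist asks for.
USERS = {
    "active@example.com": (hash_pw("pw-active"), "active", ["all"]),
    "lapsed@example.com": (hash_pw("pw-lapsed"), "lapsed", []),
    "blocked@example.com": (hash_pw("pw-blocked"), "blacklisted", []),
    "print@example.com": (hash_pw("pw-print"), "print_only", []),
}
SESSIONS = {}  # sha256(token) -> (username, device_id); no expiry, sessions are long-lived

def token_key(token: str) -> str:
    # Store only a hash of the token, so a leaked session table yields no usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

def sign_in(username: str, password: str, device_id: str) -> dict:
    """Login call: made once, when the user signs in to the app."""
    stored = USERS.get(username, (hash_pw(""), None, None))[0]
    # Always hash and compare in constant time; unknown user and bad password look alike.
    match = hmac.compare_digest(stored, hash_pw(password))
    if username not in USERS or not match:
        return {"ok": False}
    token = secrets.token_urlsafe(32)
    SESSIONS[token_key(token)] = (username, device_id)
    return {"ok": True, "token": token}

def entitlements(token: str) -> dict:
    """Entitlements call: made on every app open; it reads state and writes nothing."""
    session = SESSIONS.get(token_key(token))
    if session is None:
        return {"ok": False, "status": "unknown", "products": []}
    _, status, products = USERS[session[0]]
    return {"ok": True, "status": status, "products": list(products)}

def revoke_device(device_id: str) -> int:
    """Long-lived sessions need a kill switch: drop every token issued to a device."""
    doomed = [k for k, (_, dev) in SESSIONS.items() if dev == device_id]
    for k in doomed:
        del SESSIONS[k]
    return len(doomed)
```

Because the entitlements call runs on every app open, a lapsed or blacklisted status takes effect there without ending the session; the device ID recorded at sign-in is what makes per-device revocation possible.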