Progress will discontinue Telerik Platform on May 10th, 2018. Learn more

Integrating Social Login

Integrating Social Login

The Backend Services RESTful API provides these operations for registering and authenticating users coming from social authentication providers such as Facebook, Google, and Microsoft Account:

Prerequisites

  • Ensure that you have enabled the provider that you want to use.
  • Obtain an OAuth token for the user. Refer to the social authentication provider's official documentation for more information:

Registration/Login

You register or log in a social user by making a POST request to the built-in Users content type and setting the appropriate Provider in the payload (see the table). The first invocation of the operation for a user creates a new user account. Subsequent invocations log in the user to Telerik Platform. See Social Authentication for more information.

Provider Value Use for Provider
Facebook Facebook
Google Google
LiveID Microsoft Account
Twitter Twitter

In the payload, you also need to pass the OAuth token that you obtained from the social authentication provider as Token. For Twitter, add the access token secret as well as TokenSecret. For example:

  • For Facebook, Google, and LiveID:

    Request:
        POST https://api.everlive.com/v1/your-app-id/Users
    Headers:
         Content-Type: application/json
    Payload - raw:
        {
            "Identity": {
                "Provider": "Facebook",
                "Token": "your-facebook-token-here"
            }
        }
    Response:
        Status: 201 Created
        Content-Type: application/json
        Body: {
            Id: 'user id',
            CreatedAt: 'date',
            access_token: 'Telerik Platform token',
            token_type: 'bearer'
        }
        -Or:-
        Status: 200 OK
        Content-Type: application/json
        Body: {
            access_token: 'Telerik Platform token',
            token_type: 'bearer'
    
        }
    
    var user = {
        "Identity": {
            "Provider": "Facebook",
            "Token": "your-facebook-token-here"
        }
    };
    $.ajax({
        type: "POST",
        url: 'https://api.everlive.com/v1/your-app-id/Users',
        contentType: "application/json",
        data: JSON.stringify(user),
        success: function(data){
            alert(JSON.stringify(data));
        },
        error: function(error){
            alert(JSON.stringify(error));
        }
    });
    

    Developers who have been using the Google Access Token (access_token) parameter to authenticate users are strongly advised to migrate to using the Google ID Token (id_token) parameter instead. Doing so significantly boosts your app security because Telerik Platform can verify the aud claim contained in the token. Note that you also need to enter a Client Id when enabling Google Login, otherwise Telerik Platform skips this verification.

  • For Twitter:

    Request:
        POST https://api.everlive.com/v1/your-app-id/Users
    Headers:
         Content-Type: application/json
    Payload - raw:
        {
            "Identity": {
                "Provider": "Twitter",
                "Token": "your-twitter-token-here",
                "TokenSecret": "your-twitter-token-secret-here"
            }
        }
    Response:
        Status: 201 Created
        Content-Type: application/json
        Body: {
            Id: 'user id',
            CreatedAt: 'date',
            access_token: 'everlive token',
            token_type: 'bearer'
        }
        -Or:-
        Status: 200 OK
        Content-Type: application/json
        Body: {
            access_token: 'everlive token',
            token_type: 'bearer'
    
        }
    
    var user = {
        "Identity": {
            "Provider": "Twitter",
            "Token": "your-twitter-token-here",
            "TokenSecret": "your-twitter-token-secret-here"
        }
    };
    $.ajax({
        type: "POST",
        url: 'https://api.everlive.com/v1/your-app-id/Users',
        contentType: "application/json",
        data: JSON.stringify(user),
        success: function(data){
            alert(JSON.stringify(data));
        },
        error: function(error){
            alert(JSON.stringify(error));
        }
    });
    

On success, the operation returns an object containing a Telerik Platform access token (not to be mistaken with the OAuth token) and its type in the access\_token and token\_type fields that can be used with further Backend Services Android SDK operations.

If a new user account has been created, the response also contains the Id of the new user account along with its CreatedAt date on the server.

Linking with an OAuth Provider

You link a social user to an existing Telerik Platform user account by making a POST request to the link endpoint of the built-in Users content type. The request should be authorized by a Telerik Platform bearer token valid for the specific user or by your MasterKey.

In the payload, set the OAuth token that you obtained from the social authentication provider as Token and the provider name. For Twitter, add the access token secret as TokenSecret as well. For example:

  • For Facebook, Google, and LiveId:

    Request:
        POST https://api.everlive.com/v1/your-app-id/Users/item-id/link
    Headers:
        Content-Type: application/json
        Authorization:  Bearer your-access-token-here
    Payload - raw:
        {
            "Provider": "Facebook",
            "Token": "your-facebook-token-here"
        }
    Response:
        Status: 200 OK
        Content-Type: application/json
        Body: {}
    
    var user = {
        "Provider": "Facebook",
        "Token": "your-facebook-token-here"
    };
    $.ajax({
        type: "POST",
        url: 'https://api.everlive.com/v1/your-app-id/Users/item-id/link',
        headers: {"Authorization" : "Bearer your-access-token-here"},
        contentType: "application/json",
        data: JSON.stringify(user),
        success: function(data){
            alert(JSON.stringify(data));
        },
        error: function(error){
            alert(JSON.stringify(error));
        }
    });
    

    Developers who have been using the Google Access Token (access_token) parameter to authenticate users are strongly advised to migrate to using the Google ID Token (id_token) parameter instead. Doing so significantly boosts your app security because Telerik Platform can verify the aud claim contained in the token. Note that you also need to enter a Client Id when enabling Google Login, otherwise Telerik Platform skips this verification.

  • For Twitter:

    Request:
        POST https://api.everlive.com/v1/your-app-id/Users/item-id/link
    Headers:
        Content-Type: application/json
        Authorization:  Bearer your-access-token-here
    Payload - raw:
        {
            "Provider": "Twitter",
            "Token": "your-twitter-token-here",
            "TokenSecret": "your-twitter-token-secret-here"
        }
    Response:
        Status: 200 OK
        Content-Type: application/json
        Body: {}
    
    var user = {
        "Provider": "Twitter",
        "Token": "your-twitter-token-here",
        "TokenSecret": "your-twitter-token-secret-here"
    };
    $.ajax({
        type: "POST",
        url: 'https://api.everlive.com/v1/your-app-id/Users/item-id/link',
        headers: {"Authorization" : "Bearer your-access-token-here"},
        contentType: "application/json",
        data: JSON.stringify(user),
        success: function(data){
            alert(JSON.stringify(data));
        },
        error: function(error){
            alert(JSON.stringify(error));
        }
    });
    

Unlinking from an OAuth Provider

You unlink a social user from an existing Telerik Platform user account by making a POST request to the unlink endpoint of the built-in Users content type. The request should be authorized by a Telerik Platform bearer token valid for the specific user or by your MasterKey.

In the payload, set the Provider that you are unlinking from. For example:

Request:
    POST https://api.everlive.com/v1/your-app-id/Users/item-id/unlink
Headers:
    Content-Type: application/json
    Authorization:  Bearer your-access-token-here
Payload - raw:
    { "Provider": "Facebook" }
Response:
    Status: 200 OK
    Content-Type: application/json
    Body: {}
var user = {
    "Provider": "Facebook"
};
$.ajax({
    type: "POST",
    url: 'https://api.everlive.com/v1/your-app-id/Users/item-id/unlink',
    headers: {"Authorization" : "Bearer your-access-token-here"},
    contentType: "application/json",
    data: JSON.stringify(user),
    success: function(data){
        alert(JSON.stringify(data));
    },
    error: function(error){
        alert(JSON.stringify(error));
    }
});
Contact us: +1-888-365-2779
sales@telerik.com
Copyright © 2016-2017, Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.