Customer Login SSO
- Host: {$$.env.store_domain}/graphql
- Protocols: https
- Accepts: application/json
- Responds With: application/json
Download Spec: customer_login.json
Create a login URL for customer single-signon.
Authentication
To log in a customer using the Customer Login API, redirect the customer's browser to the following access point URL:
https://storedomain.com/login/token/{{TOKEN}}
The {{TOKEN}} parameter is a JWT whose payload is signed (HS256) with your app's OAuth client secret.
We recommend generating the login token with a script on your server, immediately before issuing the redirect, because the JWT's iat (issued at) claim is only valid for 30 seconds. The token is itself a credential for that customer's session, so generate it server-side (the client secret must never reach the browser) and redirect only over https. BigCommerce supplies helper methods for generating login tokens in its API Client Libraries.
OAuth scopes
UI Name | Permission | Parameter |
---|---|---|
Customers | login | store_v2_customers_login |
Customers | read-only | store_v2_customers_read_only |
JWT Header
{
"alg": "HS256",
"typ": "JWT"
}
JWT Payload
{
"iss": "{{CLIENT_ID}}",
"iat": {{DATE_CREATED}},
"jti": "{{UUID}}",
"operation": "customer_login",
"store_hash": "{{STORE_HASH}}",
"customer_id": {{CUSTOMER_ID}}
}
iat is the current Unix time in seconds (a number, not a string), customer_id is the numeric customer ID, and jti should be a freshly generated UUID for every token.
JWT Signature
To create the signature, compute an HMAC-SHA256 over the base64url-encoded header and the base64url-encoded payload joined by a period, using your app's client_secret as the HMAC key (the secret is the key, not part of the signed message):
HMACSHA256(
base64UrlEncode(header) + "." +
base64UrlEncode(payload),
{{CLIENT_SECRET}}
)
Node.js example
Create a urlGenerator.js Node app and install its dependencies:
mkdir urlGenerator
cd urlGenerator
touch urlGenerator.js
npm init
npm install jsonwebtoken uuid
Paste the following into urlGenerator/urlGenerator.js.
const jwt = require('jsonwebtoken');
const { v4: uuidv4 } = require('uuid');

// Fill these in with your app's credentials. Treat clientSecret like a password:
// anyone holding it can mint a login token for any customer of the store, so keep
// it out of source control and off the browser.
const clientId = "{{CLIENT_ID}}";
const clientSecret = "{{CLIENT_SECRET}}";
const customerId = {{CUSTOMER_ID}};      // the integer customer ID, not a string
const storeHash = "{{STORE_HASH}}";
const storeUrl = "{{STORE_URL_ORIGIN}}"; // e.g. https://storedomain.com, no trailing slash

function getLoginUrl(customerId, storeHash, storeUrl, clientId, clientSecret) {
  // iat must be the current Unix time in seconds; the store accepts it for only 30 seconds
  const dateCreated = Math.round(new Date().getTime() / 1000);
  const payload = {
    iss: clientId,
    iat: dateCreated,
    jti: uuidv4(), // fresh UUID per token
    operation: "customer_login",
    store_hash: storeHash,
    customer_id: customerId,
  };
  // jsonwebtoken base64url-encodes the header and payload and signs them with HMAC-SHA256
  const token = jwt.sign(payload, clientSecret, { algorithm: 'HS256' });
  return `${storeUrl}/login/token/${token}`;
}

const loginUrl = getLoginUrl(customerId, storeHash, storeUrl, clientId, clientSecret);
console.log(loginUrl);
Replace {{CLIENT_ID}} and the other placeholders with your credentials, then run the app:
node urlGenerator.js
You should receive a complete access point URL as output. Redirect the customer to it promptly: because of the 30-second iat window, a URL generated in advance will be rejected.