.. direct_sso:

===============
Direct SSO Flow
===============

To authenticate a guest via a B2B Integration
---------------------------------------------

This is the recommended method for a B2B integration such as an integrated guest website or a mobile app integration that calls the PX API from a secure backend server.

.. image:: sso_single_party.png

Authenticate Guest
^^^^^^^^^^^^^^^^^^

.. http:post:: guestauthentication/authenticateGuest.json

1. User navigates to the integrator's website (e.g. https://www.myawesomewebsite.com/login).
2. User clicks the login button and is redirected to the integrated login page.
3. Guest enters their username and password, which are transmitted to the Paytronix server via API call.
4. Paytronix will respond with ``authenticatedSuccess`` or ``noMatchingGuests``.

   a. If the result is a success, Paytronix will return the guest's ``primaryPrintedCardNumber`` and ``username``. These may then be used to authenticate functionality such as account balance and user information.
   b. If the result is a failure, an error should be provided to the guest. Paytronix will include additional information regarding why the message failed.

5. Login session should be managed by the integrator.

See `Authenticate Guest <.././pxs_api_reference/guest_authentication.html#post-guestauthentication-authenticateGuest.json>`_ for more information.

To authenticate a guest via a direct mobile app integration
-----------------------------------------------------------

This is the recommended method for a mobile app integration that calls the PX API directly from the app rather than from a secure backend server. This may also require HMAC enforcement.

.. image:: mobile_sso.png

Request Guest Token
^^^^^^^^^^^^^^^^^^^

.. http:post:: oauth/requestGuestToken.json

1. User navigates to the integrator's mobile app.
2. User clicks the login button.
3. Guest enters their username and password, which are transmitted to the Paytronix server via API call. This should be made using anonymous authentication.
4. Paytronix will respond with ``SuccessAccessRefreshTokenResponse`` if successful.
5. a. If the result is a success, Paytronix will return the guest's ``username`` along with an access and refresh token. These may then be used to authenticate functionality such as account balance and user information.
   b. If the result is a failure, an error should be provided to the guest. Paytronix will include additional information regarding why the message failed.
6. Login session should be managed by the integrator.

See `Grant by Username and Password <.././pxs_api_reference/oauth.html#grant-by-username-and-password>`_ for more information.
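
For the B2B backend flow (steps 4 and 5 of Authenticate Guest), the sketch below is an added example, not Paytronix code: it shows one way an integrator's backend could turn the parsed ``authenticateGuest.json`` reply into a server-side session so that ``primaryPrintedCardNumber`` never reaches the browser. The ``result`` key name, the in-memory ``SESSIONS`` store, the 15-minute lifetime and the helper names are assumptions.

```python
import secrets
import time

SESSION_TTL_SECONDS = 15 * 60   # assumption: lifetime chosen by the integrator
SESSIONS = {}                   # example only; use a shared server-side store in production
GENERIC_LOGIN_ERROR = "The username or password is incorrect."


def handle_authenticate_guest_response(response, now=None):
    """Map a parsed authenticateGuest.json reply to (session_id, error_for_guest).

    `response` is the decoded JSON body; the "result" key name is an assumption.
    """
    now = time.time() if now is None else now
    if response.get("result") != "authenticatedSuccess":
        # noMatchingGuests or anything unexpected: fail closed. Log Paytronix's
        # detail server-side and show the guest one generic message.
        return None, GENERIC_LOGIN_ERROR

    card = response.get("primaryPrintedCardNumber")
    username = response.get("username")
    if not card or not username:
        # A "success" without the documented fields is treated as a failure.
        return None, GENERIC_LOGIN_ERROR

    # Opaque, unguessable identifier: the only value sent to the browser.
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {
        "username": username,
        "card_number": card,    # kept server-side for later PX API calls
        "expires_at": now + SESSION_TTL_SECONDS,
    }
    return session_id, None


def lookup_session(session_id, now=None):
    """Return the session record, or None if it is unknown or expired."""
    now = time.time() if now is None else now
    record = SESSIONS.get(session_id)
    if record is None:
        return None
    if record["expires_at"] <= now:
        del SESSIONS[session_id]    # drop expired sessions on access
        return None
    return record
```

In a web framework the returned ``session_id`` would be set as an ``HttpOnly``, ``Secure`` cookie, and each later request would call ``lookup_session`` before using the stored card number against the PX API.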