.. _sso_guest_website:

===========================
Guest Website Redirect Flow
===========================

To authenticate a guest using their Paytronix account information
-----------------------------------------------------------------

.. image:: sso_flow.png

1. User navigates to the integrator's website (e.g. https://www.myawesomewebsite.com/login).

2. User clicks the login button and is redirected to Paytronix's guest website, passing in the following GET parameters:

   * "state" optional - An opaque value that should be used by the client to maintain state between the request and the callback. See `OAuth 2.0 IETF RFC6749 <https://tools.ietf.org/html/rfc6749>`_ for more information.
   * "redirect_uri" required - An allow-listed Uniform Resource Identifier (URI) to which the guest may be redirected after an authorization grant is issued (must be provided to Paytronix before integrating).
   * "client_id" required - A Paytronix-issued id for which the authorization grant is issued.
   * "scope" optional - A space-separated sequence of values representing the requested access scope. Values are 'account_read', 'account_write', 'user_read', 'user_write'.
   * "response_type" required - Must be 'code'.

   e.g. https://myawesomesite.myguestaccount.com/guest/accountlogin?response_type=code&client_id=awesomesite&redirect_uri=https%3A%2F%2Fwww.myawesomewebsite.com%2Flogin

3. On successfully logging in, an authorization grant will be issued for the client_id and the guest will be redirected to the URI passed in. Note: this grant will expire 5 minutes after being generated.

   e.g. https://myawesomesite/login?code=APA91bFdV3CWmJpMors50gWwQqtmmwxYKpyy1&expires_in=300

4. The client should then make a requestGuestToken call to Paytronix to obtain an access and refresh token pair.

5. a. If the result is a success, Paytronix will return the guest's username, an access token and a refresh token. The access token may then be used to authenticate functionality such as account balance and user information.

   b. If the result is a failure, an error should be provided to the guest. Paytronix will include additional information regarding why the request failed. See `Grant By Authorization Grant <.././pxs_api_reference/oauth.html#grant-by-authorization-grant>`_ for more information.
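As an added example of the integrator's side of steps 2 and 3 above (illustrative code, not Paytronix's or any integrator's own), the client generates an unguessable ``state``, stores it in the guest's server-side session, and rejects any callback whose ``state`` does not match, which is the use RFC 6749 recommends for ``state`` so that a forged or replayed callback cannot be bound to a guest's session. The function names, the session dict and the sample values are assumptions; the real ``client_id`` and ``redirect_uri`` come from the integrator's Paytronix configuration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed values for this example (assumed, not real credentials).
AUTHORIZE_URL = "https://myawesomesite.myguestaccount.com/guest/accountlogin"
CLIENT_ID = "awesomesite"
REDIRECT_URI = "https://www.myawesomewebsite.com/login"


def build_login_redirect(session: dict, scope: str = "account_read user_read") -> str:
    """Step 2: build the URL the guest is sent to, binding a fresh state to the session.

    `session` stands in for whatever server-side session store the integrator uses.
    """
    # 32 random bytes, URL-safe: unguessable, so a third party cannot forge a
    # callback that passes the check in parse_callback().
    session["oauth_state"] = secrets.token_urlsafe(32)
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": session["oauth_state"],
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def parse_callback(session: dict, callback_url: str) -> str:
    """Step 3: validate the redirect back from Paytronix and return the code.

    The stored state is consumed (pop) so a second delivery of the same
    callback is rejected, and the comparison is constant-time.
    """
    query = parse_qs(urlparse(callback_url).query)
    expected_state = session.pop("oauth_state", None)
    got_state = query.get("state", [""])[0]
    if expected_state is None or not hmac.compare_digest(
        expected_state.encode(), got_state.encode()
    ):
        raise ValueError("state mismatch: callback is not bound to this session")
    if "error" in query:
        # Step 5b: surface the failure to the guest rather than continuing.
        raise ValueError(f"authorization failed: {query['error'][0]}")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carried no authorization code")
    # The grant expires 5 minutes after issue, so the caller should exchange
    # it (step 4, requestGuestToken) immediately rather than storing it.
    return code
```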