Guest Website Redirect Flow
To authenticate a guest using their Paytronix account information
- User navigates to the integrator’s website (e.g. https://www.myawesomewebsite.com/login)
- User clicks the login button and is redirected to Paytronix’s guest website, passing in the following GET parameters:
  - “state” optional - An opaque value that should be used by the client to maintain state between the request and callback. See OAuth 2.0 IETF RFC6749 for more information
  - “redirect_uri” required - An allow-listed Uniform Resource Identifier (URI) to which the guest may be redirected after an authorization grant is issued (must be provided to Paytronix before integrating)
  - “client_id” required - A Paytronix-issued id for which the authorization grant is issued
  - “scope” optional - A space-separated sequence of values representing the requested access scope. Values are ‘account_read’, ‘account_write’, ‘user_read’, ‘user_write’
  - “response_type” required - Must be ‘code’
  e.g. https://myawesomesite.myguestaccount.com/guest/accountlogin?response_type=code&client_id=awesomesite&redirect_uri=https%3A%2F%2Fwww.myawesomewebsite.com%2Flogin
- On successfully logging in, an authorization grant will be issued for the client_id and the guest will be redirected to the URI passed in. Note: This grant will expire 5 minutes after being generated.
  e.g. https://myawesomesite/login?code=APA91bFdV3CWmJpMors50gWwQqtmmwxYKpyy1&expires_in=300
- The client should then make a requestGuestToken call to Paytronix to obtain an access and refresh token pair.
- If the result is a success, Paytronix will return the guest’s username, an access token and a refresh token. The access token may then be used to authenticate functionality such as account balance and user information.
- If the result is a failure, an error should be provided to the guest. Paytronix will include additional information regarding why the message failed.
See Grant By Authorization Grant for more information.
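
The redirect and callback handling described above, as an added Python example that is not part of the Paytronix documentation. The host, client_id and redirect_uri are the page's sample values; the function names are hypothetical, and the example assumes the guest website echoes “state” back on the callback as RFC 6749 specifies.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Sample values from the page's examples; a real integration uses its own.
AUTHORIZE_URL = "https://myawesomesite.myguestaccount.com/guest/accountlogin"
CLIENT_ID = "awesomesite"
REDIRECT_URI = "https://www.myawesomewebsite.com/login"  # must be allow-listed
ALLOWED_SCOPES = {"account_read", "account_write", "user_read", "user_write"}


def build_login_redirect(scopes=()):
    """Return (url, state). Keep state in the user's server-side session."""
    unknown = set(scopes) - ALLOWED_SCOPES
    if unknown:
        raise ValueError(f"unsupported scope(s): {sorted(unknown)}")
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    }
    if scopes:
        params["scope"] = " ".join(scopes)  # space-separated list
    return f"{AUTHORIZE_URL}?{urlencode(params)}", state


def parse_callback(callback_url, expected_state):
    """Validate the redirect back from the guest website; return the grant."""
    query = parse_qs(urlparse(callback_url).query)
    returned_state = query.get("state", [""])[0]
    # Constant-time comparison on bytes. A missing or mismatched state means
    # the callback does not belong to a login this session started.
    if not expected_state or not hmac.compare_digest(
        returned_state.encode(), expected_state.encode()
    ):
        raise ValueError("state mismatch")
    codes = query.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("missing or duplicated authorization code")
    # The page states the grant expires 5 minutes after being generated.
    expires_in = int(query.get("expires_in", ["300"])[0])
    return {"code": codes[0], "expires_in": expires_in}
```

The returned code is what the client passes to the requestGuestToken call; discard the stored state after one use so a replayed callback fails the check.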