Auto-Login Endpoint

This article describes how to use the Aurora login endpoint to automatically log in a user using either their Email Address and Password or a User/Customer Auth Token retrieved from the Aurora Customer Auth API.

Introduction

The Auto-Login endpoint supports two different methods of automatically logging in a user and can respond in different ways depending on the supplied request parameters.

All requests should be submitted to the following endpoint:

https://www.your-domain.com/login

❗️

All parameters should be submitted over HTTPS using POST to avoid sensitive information appearing within service access logs.

Login using Email Address and Password

To log in with a user's Email Address and Password, submit the following POST parameters to the Auto-Login endpoint:

| Parameter name | Type | Description |
|---|---|---|
| login_email_address | string | The email address for the user. |
| login_password | string | The password for the user. |

Login using User/Customer Auth Token

To log in with a User/Customer Auth Token retrieved from the Aurora Customer Auth API, submit the following POST parameters to the Auto-Login endpoint:

| Parameter name | Type | Description |
|---|---|---|
| user_auth_token | string | User/Customer Auth Token for the user's authentication session. |

Authentication Status

The Auto-Login endpoint will always respond with one of the following Authentication Statuses, irrespective of the response format (see below).

| Authentication Status | Description |
|---|---|
| SUCCESS | The user has been successfully logged in. |
| ERROR | The user could not be logged in. |
| INVALID | The Customer Auth Token signature cannot be verified. |
| EXPIRED | The Customer Auth Token has expired. |

The authentication status is always included within the response headers as follows:

X-Aurora-Authorization-Status: SUCCESS

Response Formats

The Auto-Login endpoint can respond in different ways depending on the request parameters.

JSON Response

The Auto-Login endpoint responds with JSON by default; no explicit request parameters are required.

An example JSON response:

[true, "You have been logged in successfully", "SUCCESS"]

Where:

| Array index | Type | Description |
|---|---|---|
| 0 | boolean | Authentication indicator, i.e. true where the user has been successfully logged in, false where the user has not been logged in. |
| 1 | string | Authentication message detail. |
| 2 | string | Authentication Status. |
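An added example (not Aurora's own code) that ties together the token login parameter, the status header and the JSON array described above: it builds the POST so the token stays out of the URL, then treats the user as logged in only when the header and the body agree on SUCCESS. The function names, the token value, the sample messages and the agreement check are assumptions made for illustration.

```python
import json
import urllib.parse
import urllib.request

LOGIN_URL = "https://www.your-domain.com/login"  # placeholder domain used on this page
STATUSES = {"SUCCESS", "ERROR", "INVALID", "EXPIRED"}

def build_token_login(user_auth_token, url=LOGIN_URL):
    """Build (but do not send) the POST; the token goes in the body, never the URL."""
    if urllib.parse.urlsplit(url).scheme != "https":
        raise ValueError("Auto-Login requests must use HTTPS")
    body = urllib.parse.urlencode({"user_auth_token": user_auth_token}).encode()
    return urllib.request.Request(url, data=body, method="POST")

def interpret_response(headers, body):
    """Return (logged_in, status, message); anything unexpected counts as not logged in."""
    lowered = {k.lower(): v for k, v in headers.items()}
    header_status = lowered.get("x-aurora-authorization-status")
    try:
        ok, message, body_status = json.loads(body)
    except (ValueError, TypeError):
        return (False, "ERROR", "response body is not the expected 3-element array")
    if header_status not in STATUSES or body_status != header_status:
        return (False, "ERROR", "status header and JSON body disagree")
    return (ok is True and header_status == "SUCCESS", header_status, message)

# Constructed sample responses, not captured from a real Aurora store.
SAMPLES = [
    ({"X-Aurora-Authorization-Status": "SUCCESS"},
     '[true, "You have been logged in successfully", "SUCCESS"]'),
    ({"X-Aurora-Authorization-Status": "EXPIRED"},
     '[false, "constructed message", "EXPIRED"]'),
    ({"X-Aurora-Authorization-Status": "INVALID"},
     '[true, "constructed message", "SUCCESS"]'),  # body contradicts the header
    ({}, "<html>not JSON</html>"),
]

if __name__ == "__main__":
    request = build_token_login("constructed-token-value")
    print(request.get_method(), request.full_url, request.data)
    for headers, body in SAMPLES:
        print(interpret_response(headers, body))
```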

HTTP Header Response

The Auto-Login endpoint can respond with an HTTP header instead of a JSON array when the appropriate parameters are provided, namely:

| Parameter name | Type | Description |
|---|---|---|
| response_action | string | The action to take on successful login. |
| response_error_action | | The action to take on failure to login. |

HTTP Redirection on Successful Authentication

The Auto-Login endpoint will respond with an HTTP redirection header when the response_action POST parameter is provided and the login was successful, according to the following values:

| Value | Type | Description |
|---|---|---|
| redirect_home | string | Redirect to the Aurora home page. |
| redirect_members | string | Redirect to the Members area. |
| redirect_basket | string | Redirect to the basket. |

HTTP Header on Failed Authentication

The Auto-Login endpoint will respond with a 401 Unauthorized header when the response_error_action POST parameter is provided and the login failed, according to the following values:

| Value | Type | Description |
|---|---|---|
| http_header | string | Indicates that the endpoint should respond with an unauthorised header on login failure. |

The response content in this case will be sourced from the following template in your root template directory:

401.tpl.html

An example 401 template is as follows:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML>
<HEAD>
<TITLE>401 Authorization Required</TITLE>
</HEAD>
<BODY>
<H1>Authorization Required</H1>
<P>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<HR />
<ADDRESS>
Web Server at Aurora Commerce
</ADDRESS>
</BODY>
</HTML>