Authenticate
Introduction
The OAuth Client API provides the user-facing endpoints, enabling, for example, user creation or login, handling password reset emails, and allowing users to update their passwords within a form that is still to be built.
{% content-ref url="https://app.gitbook.com/o/mRQMW2w7m6hBdzapMDC8/s/XrZ7fE7Ricr49KbZwHNK/" %} Authentication API
How it Works
After a successful login or registration, you can log out the user by calling /logout, which will invalidate the current access and refresh tokens if necessary. To initiate a password reset, trigger the process by calling /password/send-reset-email to send a reset email, then allow the user to set a new password using /password/update-by-hash.
Capabilities
Endpoint | Use case |
---|---|
auth/register | This endpoint registers a new user in the system and automatically logs them in upon successful registration. |
auth/login/guest | This endpoint registers a guest user in the system. Compared to the register endpoint, multiple guest users can be created using the same email address. |
auth/login | This endpoint can be used to log in an existing user. The response provides an access token and a refresh token. |
auth/logout | This endpoint allows logging out a user by automatically revoking the corresponding access and refresh tokens. |
auth/password/send-reset-email | The password reset endpoint triggers an email to the customer with a reset link, initiating the password reset flow. |
auth/password/update-by-hash | This endpoint can be used to securely update the user's password by hashing the new password, while also revoking all active tokens. |
Technical Flow
1. Initiate Login or Registration: Use /login, /register, or /login/guest to authenticate or create a user via the Authentication Service.
2. Customer Creation: Depending on the API call, the user is either authenticated (via login) or created as a new account (via registration) by the Checkout Backend System.
3. Receive Tokens: On success, the service returns an access token and a refresh token, which must be stored securely on the shop side.
4. Initialize Checkout: Inject the access token into the Checkout Webcomponent to start the checkout flow.
5. Token Validation: The system validates the access token against the JWKS (JSON Web Key Set) on each request to check that the token is still valid.