
Authenticate

Introduction

The OAuth Client API provides the user-facing authentication endpoints: creating users, logging them in and out, sending password reset emails, and letting users set a new password from a form that you build on the shop side.

See also: Authentication API (https://app.gitbook.com/o/mRQMW2w7m6hBdzapMDC8/s/XrZ7fE7Ricr49KbZwHNK/)

How it Works

After a successful login or registration, you can log the user out by calling /logout, which revokes the current access and refresh tokens. To reset a password, call /password/send-reset-email so that the user receives a reset email, then let the user set a new password through /password/update-by-hash.


Capabilities

| Endpoint | Use case |
| --- | --- |
| auth/register | Registers a new user and automatically logs them in on success. |
| auth/login/guest | Registers a guest user. Unlike auth/register, several guest users may be created with the same email address. |
| auth/login | Logs in an existing user. The response contains an access token and a refresh token. |
| auth/logout | Logs the user out by revoking the corresponding access and refresh tokens. |
| auth/password/send-reset-email | Sends the customer an email with a reset link, starting the password reset flow. |
| auth/password/update-by-hash | Sets the user's new password (stored hashed) as the final step of the reset flow and revokes all of the user's active tokens. |

Technical Flow

1. Initiate login or registration. Call /login, /register, or /login/guest on the Authentication Service to authenticate or create the user.
2. Customer creation. Depending on the call, the Checkout Backend System either authenticates the existing user (login) or creates a new account (registration).
3. Receive tokens. On success the service returns an access token and a refresh token; both must be stored securely on the shop side.
4. Initialize checkout. Inject the access token into the Checkout Webcomponent to start the checkout flow.
5. Token validation. On each request the system validates the access token against the JWKS (the Authentication Service's published signing keys) to confirm that the token is still valid.