7.2. Seamlessly logging in users from 3rd-party systems¶
A 3rd-party system may seamlessly login a user if such user is linked to a 3rd-party system. This is especially useful for IFRAME integration where the login page may be bypassed completely.
Note
:term:`Blockchain` key is still required. Even though the user may be logged in automatically, blockchain key will still be needed for critical transactions, such as transferring the document.
Example
curl -s https://client_id:[email protected]/api/v2/companies/by-id/1/users/by-id/2/login-token/
More info about this method is available online.
Response:
{
"login_token": "aabbccdd",
"expires": "2019-03-18T08:39:38Z",
"login_url": "https://app.smartbl.io/?login_token=aabbccdd"
}
The tokens are short lived and are considered for single use. The workflow should be the following:
- Fetch the token from the API
- Render the iframe to the user with the appropriate query string
(
?login_token={login_token}
) or use thelogin_url
as the source of theIFRAME
.