
OAuth

We support the usage of other OAuth servers, both for users with existing authentication and for those without any existing OAuth setup.

Requirements

  • You have your OAuth server set up

  • The OAuth server must have an endpoint to return user details based on the token (commonly referred to as a /user endpoint). Below is an example of how the user endpoint URL might look:

    'https://<YOUR_AUTH0_DOMAIN>/userinfo'

  • The OAuth server authenticates the user onto the same domain as the website on which the web app is located

  • The authentication token is published as either a cookie or localStorage item onto the client browser

  • If using a cookie, the cookie domain and path should allow access on the domain on which the web app is located

User Endpoint Requirements

The user endpoint should return the following information to ensure your users don't need to supply this upon logging in:

  • Email address
  • Forename
  • Surname
  • Address Line 1
  • City
  • Postcode
  • Country
  • Tel (Daytime)

Additionally, we accept the following information, which will be inserted into the user account if supplied:

  • Username
  • ExternalRef
  • Company Name
  • Address Line 2
  • County

We also accept the following Boolean for user outbid email configuration:

  • outbidEmailsOk - If the property is set to true, outbid notification emails will be sent to the user. If set to false, they will not. If omitted or set to an empty string, the web application outbid emails configuration will be used instead.

Scenario With an Existing Authentication

If you have an existing OAuth server for authentication, you can integrate it with the Webtron Auction platform as follows:

  • Ensure that your existing OAuth server is set up to authenticate users on the same domain as the website on which the web app is located.
  • Make sure that the OAuth server issues an authentication token that can be published either as a cookie or a localStorage item on the client browser.
  • Decide on a token name (e.g. authToken) for your cookie or localStorage item.
  • The OAuth server must have an endpoint to return user details based on the token (often referred to as a /user endpoint).

Scenario Without an Existing Authentication

If you do not have an existing authentication, you can still integrate OAuth by setting up an OAuth server and obtaining an authentication token.

  • The tokenName can be anything you prefer if you don't have an existing token name (e.g. authToken).
  • You will need to store the token in either a cookie or localStorage for the client browser to access.
  • The loginUrl should include the scope parameter, which should contain openid profile email to ensure that all necessary user information is gathered.

Example Login URL

Your loginUrl should look something like this:

loginUrl: 'https://www.yourdomain.com/auth?redirect_to=<<REDIRECT>>&scope=openid%20profile%20email'

In this scenario, it's common to create a new page called /auth to handle the authentication response and extract the access token from the URL.

Example Auth Page to Store the Token

Below is an example of how you can create an /auth page to extract the access_token from the URL and store it either in a cookie or localStorage.

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Auth Page</title>
</head>
<body>
  <script>
    // Extract the access token from the URL hash
    const hash = window.location.hash.substring(1);
    const params = new URLSearchParams(hash);
    const accessToken = params.get("access_token");

    if (accessToken) {
      // Store the token in localStorage
      localStorage.setItem("authToken", accessToken);
      // Optionally, store the token as a cookie (Secure: only sent over HTTPS)
      document.cookie = "authToken=" + accessToken + "; path=/; Secure; SameSite=Lax";

      // Redirect to the main page after storing the token; replace() keeps the
      // token-bearing /auth URL out of the browser history
      window.location.replace("/");
    } else {
      console.error("Access token not found in URL");
    }
  </script>
</body>
</html>
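The requirement that the cookie domain and path be readable where the web app runs can be checked before the /auth page writes the token. The following is an added example, not Webtron code: the function names and the auctions.yourdomain.com host are assumptions, and the matching rules are the domain-match and path-match rules of RFC 6265.

```javascript
// Added example: function names and the sample hosts are assumptions, not Webtron code.

// Read access_token from a fragment like "#access_token=...&token_type=Bearer".
// Returns null if it is absent or has characters that could alter the cookie string.
function extractAccessToken(hash) {
  const token = new URLSearchParams(hash.replace(/^#/, "")).get("access_token");
  return token && /^[A-Za-z0-9._~+\/=-]+$/.test(token) ? token : null;
}

// RFC 6265 domain-match: the host equals the cookie domain or is a subdomain of it.
function domainMatches(host, cookieDomain) {
  const d = cookieDomain.replace(/^\./, "").toLowerCase();
  const h = host.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// RFC 6265 path-match: the request path equals the cookie path or sits beneath it.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Build the string to assign to document.cookie, refusing a missing token or a
// Domain/Path scope that the web app at appUrl could not read.
function buildTokenCookie(tokenName, token, cookieDomain, cookiePath, appUrl) {
  if (!token) throw new Error("no usable access token");
  const app = new URL(appUrl);
  if (!domainMatches(app.hostname, cookieDomain) || !pathMatches(app.pathname, cookiePath)) {
    throw new Error(`cookie scope ${cookieDomain}${cookiePath} is not readable at ${appUrl}`);
  }
  return `${tokenName}=${token}; Domain=${cookieDomain}; Path=${cookiePath}; Secure; SameSite=Lax`;
}

// Constructed sample: auth page on www.yourdomain.com, web app assumed to be
// served from auctions.yourdomain.com.
const sampleHash = "#access_token=eyJhbGciOi.constructed.sample&token_type=Bearer";
const sampleCookie = buildTokenCookie(
  "authToken", extractAccessToken(sampleHash),
  "yourdomain.com", "/", "https://auctions.yourdomain.com/");
console.log(sampleCookie);
```

In the browser the returned string is assigned to document.cookie; the browser itself also ignores a Domain value that does not cover the page setting it.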

Setup

Contact support@webtron.com.au, supplying us with the user endpoint URL, HTTP Method (e.g., GET / POST), and an example response. We will then update this on your account.