Consumer User Authentication
1. SAML (Security Assertion Markup Language)
SAML enables companies to provide single sign-on (SSO) capabilities, ensuring secure authentication across platforms. Here's how it works:
- Configuration: The company configures their Identity Provider (IdP) to integrate with our API.
- Authentication: When a consumer-user needs to authenticate, they are redirected to the company's IdP.
- Assertion: The IdP authenticates the consumer-user and sends a SAML assertion to our API.
- Token Issuance: Our API verifies the SAML assertion and issues an access token for the consumer-user.
2. OIDC (OpenID Connect)
OIDC is a simple identity layer on top of the OAuth 2.0 protocol. The process involves:
- Setup: The company sets up an OIDC provider.
- Authentication: Consumer-users log in via the OIDC provider, which authenticates them and returns an ID token.
- Token Use: The company uses this ID token for subsequent API calls on behalf of the consumer-user.
- Token Submission: The company sends this ID token to our API.
- Token Issuance: Our API validates the ID token and grants the consumer-user access.
3. JWT (JSON Web Token)
JWT allows secure transmission of information between parties. We offer two scenarios for JWT-based authentication:
Scenario 1: Company-Generated JWT
- Token Creation: The company generates a JWT using their private key, including claims about the consumer-user.
- Token Submission: The company sends the JWT to our API.
- Token Issuance: Our API verifies the JWT and issues an access token for the consumer-user.
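The verification step in Scenario 1, sketched as an added example (not this API's own code); the same checks apply when validating an OIDC ID token, which is also a JWT. Assumptions not stated on this page: RS256 signing, the iss/aud/exp/sub claim names, the audience value, and the function names, which are all hypothetical.

```ruby
require 'openssl'
require 'json'

# Assumptions (not from the page): RS256 signing and the iss/aud/exp/sub claim names.
ALLOWED_ALG = 'RS256'
EXPECTED_AUD = 'https://api.example.test' # hypothetical audience value for our API

def b64url(bin)
  [bin].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  str.to_s.tr('-_', '+/').unpack1('m')
end

# Returns the verified claims, or raises ArgumentError naming the failed check.
def verify_company_jwt(token, company_pubkey, issuer, now: Time.now.to_i)
  head_b64, body_b64, sig_b64, extra = token.to_s.split('.', -1)
  raise ArgumentError, 'malformed token' if sig_b64.nil? || extra
  header = JSON.parse(b64url_decode(head_b64))
  # Pin the algorithm server-side; the token header must not get to choose it.
  raise ArgumentError, 'unexpected alg' unless header.is_a?(Hash) && header['alg'] == ALLOWED_ALG
  ok = company_pubkey.verify(OpenSSL::Digest.new('SHA256'), b64url_decode(sig_b64), "#{head_b64}.#{body_b64}")
  raise ArgumentError, 'bad signature' unless ok
  claims = JSON.parse(b64url_decode(body_b64)) # parsed only after the signature checks out
  raise ArgumentError, 'wrong issuer' unless claims.is_a?(Hash) && claims['iss'] == issuer
  raise ArgumentError, 'wrong audience' unless Array(claims['aud']).include?(EXPECTED_AUD)
  raise ArgumentError, 'expired' unless claims['exp'].is_a?(Integer) && claims['exp'] > now
  raise ArgumentError, 'missing sub' if claims['sub'].to_s.empty?
  claims
rescue JSON::ParserError, OpenSSL::PKey::PKeyError
  raise ArgumentError, 'malformed token'
end

# Constructed demo input: signs claims with a throwaway key standing in for the company's.
def demo_token(key, claims, alg: 'RS256')
  head = b64url(JSON.generate({ 'alg' => alg, 'typ' => 'JWT' }))
  body = b64url(JSON.generate(claims))
  signing_input = "#{head}.#{body}"
  "#{signing_input}.#{b64url(key.sign(OpenSSL::Digest.new('SHA256'), signing_input))}"
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048)
  claims = { 'iss' => 'acme', 'aud' => EXPECTED_AUD, 'sub' => 'user-42', 'exp' => Time.now.to_i + 300 }
  puts verify_company_jwt(demo_token(key, claims), key.public_key, 'acme')['sub']
end
```

Only after every check passes would the API issue its own access token for the subject in the verified claims.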
Scenario 2: API-Generated JWT
- User Retrieval/Creation: The company calls our API to create or retrieve a consumer-user based on external ID or email.
- Token Issuance: Our API generates a JWT for the consumer-user.
- Token Use: The company uses this JWT for subsequent API calls on behalf of the consumer-user.
API references
- Get a consumer user or create a new one: This API is used to get a consumer user by external ID or email. If the user does not exist yet, a new one is created. This API is used in Scenario 2: API-Generated JWT.
- Create a new consumer user: This API is used to create a new consumer user. This API is useful in scenarios where the user needs to be created before authentication.
If you need further assistance or have specific questions, please contact tech@centsdonations.com.