
Integration

Every time a user opens your app through Websys, a query parameter carrying a one-time login token is added to the URL.

The token lets you locate the user in our system.


When you encounter the query parameter, you make an API request to our system, asking whether our user is the one who generated the token and whether they are eligible to enter your app, having purchased access.

If the user is eligible, the response contains their e-mail address, which lets you log them in.

To integrate the system, you need to generate your authentication token, which is required to make an API request to our system, and set your time zone, which is used for payoffs and statistics.

Create a developer account to get access to Panel. After that, contact us to get Partnership privileges.


Add your application using the developer's Panel, and put the URL of your development server into the Service input.

The app will be submitted as a Draft first. It is unavailable to users, but lets you test the integration in development mode.


Prepare your backend to receive a one-time login token as a query parameter.

The token is used to locate the user in our system. Once we confirm that the token in your request was generated by us, you can safely log the user in using the e-mail address received in the response.

Python
from django.contrib.auth import authenticate, get_user_model, login
from django.http import HttpResponseRedirect
from django.shortcuts import render
from django.urls import reverse
from urllib.parse import quote
import datetime
import requests
import secrets

User = get_user_model()


def login_view(request):
    if request.method == "POST":
        # Attempt to sign user in
        username = request.POST["username"]
        password = request.POST["password"]
        user = authenticate(request, username=username, password=password)

        # Check if authentication successful
        if user is not None:
            login(request, user)
            return HttpResponseRedirect(reverse("index"))
        else:
            return render(request, "network/login.html", {
                "message": "Invalid username and/or password."
            })
    # Check if request was sent from Services
    if request.GET.get('services'):
        return auth_user(request, request.GET['services'])

    return render(request, "network/login.html")


def auth_user(request, services_token):
    if not services_token:
        return HttpResponseRedirect(reverse('index'))

    # Endpoint of the services API (the endpoint documented below).
    # The token comes from the query string, so percent-encode it
    # before placing it in the URL path.
    endpoint = f"https://websys.app/api/authorization/{quote(services_token, safe='')}"

    # Authorization token. Keep it in environment variables.
    auth_token_from_panel = '<authorization_token_generated_in_panel>'
    headers = {
        'Authorization': f"Bearer {auth_token_from_panel}"
    }

    try:
        # Always set a timeout so a stalled API call cannot hang the login view
        get_response = requests.get(endpoint, headers=headers, timeout=10)
        data = get_response.json() if get_response.ok else {}
    except (requests.RequestException, ValueError):
        data = {}

    # The user's e-mail address from the services API (absent on failure).
    email = data.get('internal_email_address') if isinstance(data, dict) else None
    if email:
        midnight = datetime.datetime.combine(datetime.datetime.today() + datetime.timedelta(days=1), datetime.time.min)

        try:
            user = User.objects.get(email=email)
        except User.DoesNotExist:
            # create_user() already saves the new user; the password is random
            user = User.objects.create_user(
                f"username_{email.split('@')[0]}_{round(datetime.datetime.now().timestamp())}",
                email,
                secrets.token_hex(32),
            )

        login(request, user)
        response = HttpResponseRedirect(reverse('index'))
        # The cookie expires at the end of the current day (server local time)
        response.set_cookie('services', 'services_cookie', max_age=(midnight - datetime.datetime.now()).seconds)
        return response

    return HttpResponseRedirect(reverse('index'))

To verify whether users are eligible to access your app, you make an API request to our endpoint.

If they are, you get their e-mail address in the response. If not, an error message is returned.

https://websys.app/api/authorization/<services_token>

Payload

headers = {
    'Authorization': f"Bearer {auth_token_from_panel}"
}

Response

success
{
    "internal_email_address": "markspencer@gmail.com"
}
failure
{
    "success": false, "message": "..."
}

Logging the user out

You have to make sure that the user is logged out when the current day ends.


Setting services_cookie, active until the end of the current day, lets you locate the user to log out.
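
One way to enforce the end-of-day logout on the server as well, since a cookie's lifetime is ultimately controlled by the browser (an added example, not Websys's own code). The session key `services_expires_at`, the function names and the choice of time zone are assumptions; `session` and `cookies` are dict-like, as `request.session` and `request.COOKIES` are in Django.

```python
import datetime

# Hypothetical session key, not part of the Websys API.
SESSION_KEY = "services_expires_at"


def end_of_day(now, tz):
    """Return the next local midnight in tz as an aware datetime.

    now must be timezone-aware; tz is any tzinfo (for example a ZoneInfo).
    """
    local = now.astimezone(tz)
    tomorrow = local.date() + datetime.timedelta(days=1)
    return datetime.datetime.combine(tomorrow, datetime.time.min, tzinfo=tz)


def mark_services_login(session, now, tz):
    """Call right after login(): store the deadline in the server-side
    session and return max_age (seconds) for the services cookie."""
    # Epoch timestamps avoid wall-clock arithmetic, which is off by an
    # hour on days when the zone switches to or from daylight saving time.
    deadline = end_of_day(now, tz).timestamp()
    session[SESSION_KEY] = deadline
    return max(0, int(deadline - now.timestamp()))


def must_log_out(session, cookies, now):
    """Return True when a token-based session has to be ended."""
    deadline = session.get(SESSION_KEY)
    if deadline is None:
        return False  # not a token login (e.g. username and password)
    if now.timestamp() >= deadline:
        return True   # the day is over, whatever the browser still sends
    return "services" not in cookies  # cookie expired or was removed


if __name__ == "__main__":
    # Constructed sample: 23:30 local time in a UTC+2 zone.
    tz = datetime.timezone(datetime.timedelta(hours=2))
    now = datetime.datetime(2024, 5, 10, 21, 30, tzinfo=datetime.timezone.utc)
    session = {}
    print("cookie max_age:", mark_services_login(session, now, tz))
    print("log out now?", must_log_out(session, {"services": "services_cookie"}, now))
```

In Django, `must_log_out(request.session, request.COOKIES, now)` can be called from a middleware, followed by `logout(request)` when it returns True.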

Want to integrate? partnership@websys.app