Table of contents
Description
This method replaces the Gigya UID in the user account on Gigya's DB, with a site user ID that you provide. This method should be used in case a user ID has changed.
- This method is not part of our recommended social registration flow. Please use the socialize.notifyRegistration method instead, and pass the "siteUID" parameter. Learn more in the Login Best Practice Implementation guide.
- This method replaces the deprecated socialize.linkAccounts method.
Note: This method is also supported in our REST API. If you wish to execute this method from your server, please refer to REST API > socialize.setUID.
Security Requirements
The Gigya service supports a mechanism to verify the authenticity of the setUID call. This mechanism is used to prove that the call is in fact coming from your site, in order to prevent fraud.
We require every setUID call to be signed using a HMAC-SHA1 signature. The "UIDSig" parameter (see table of parameters below) is defined for this objective, and is a required parameter. Gigya will verify the authenticity of the signature to prove that it is in fact coming from your site and not from somewhere else.
Follow the instructions in Constructing a Signature to set the UIDSig parameter of the setUID call, and make the API call as soon as possible after that to prevent the signature from expiring.
Syntax
gigya.socialize.setUID(params)
Method Parameters
The following table lists the params object members:
| Required | Name | Type | Description |
| Required | siteUID | string | The user ID which you have designated to the current user on your user management system. This site UID must be different than the Gigya ID. Note: the parameter accepts only ASCII characters (not unicode) and up to 252 characters. |
| UIDTimestamp | string | The current GMT time when request is made. The expected format is the Unix time format (i.e. the number of seconds since Jan. 1st 1970). Gigya will check the time difference between the timestamp and the time on Gigya's server when the setUID request is received. If the time difference is more than 5 minutes, the request is considered forged. | |
| UIDSig | string | A HMAC-SHA1 signature proving the authenticity of the data. See the "Security Requirements" above for more details. | |
| Optional | callback | function | A reference to a callback function. Gigya calls the specified function along with the results of the API method when the API method completes. The callback function should be defined with the following signature: functionName(response). The "Response object Data Members" table below provides specification of the data that is passed to the callback function. |
| cid | string | A string of maximum 100 characters length. This string is associated with each transaction and will later appear on reports generated by Gigya in the "Context ID" combo box. The cid allows you to associate the report information with your own internal data. For example, to identify a specific widget or page on your site/application. The "Context ID" combo box lets you filter the report data by site/application context. Note: the value of this parameter overrides the value of the identical parameter in the global configuration object. | |
| context | object | A developer-created object that is passed back unchanged to the application as one of the fields in the response object. | |
| timestamp | string | Deprecated. Please use the UIDTimestamp parameter instead. | |
| signature | string | Deprecated. Please use the UIDSig parameter instead. |
Response Object Data Members
| Field | Type | Description |
| errorCode | integer | The result code of the operation. Code '0' indicates success, any other number indicates failure. For a complete list of error codes, see the Error Codes table. |
| errorMessage | string | A short textual description of an error associated with the errorCode for logging purposes. |
| operation | string | The name of the API method that generated this response. |
| context | object | The context object passed by the application as parameter to the API method, or null if no context object has been passed. |
Code Sample
// Note: the actual signature calculation implementation should be on server side
function createSignature(UID, timestamp) {
return '';
}
var dateStr = Math.round(new Date().getTime()/1000.0); // Current time in Unix format
// (i.e. the number of seconds since Jan. 1st 1970)
var siteUID= 'uTtCGqDTEtcZMGL08w'; // siteUID should be taken from the new user record
// you have stored in your DB in the previous step
var yourSig = createSignature(siteUID, dateStr);
var params = {
siteUID: siteUID,
timestamp:dateStr,
UIDSig:yourSig
};
gigya.socialize.setUID(params);
- This sample is not meant to be fully functional code. For brevity's sake, only the code required for demonstrating the API call itself is presented.
- To run the code on your own domain, add your Gigya API key to the socialize.js URL. A Gigya API key can be obtained on the Site Dashboard page on Gigya's website. Please make sure that the domain from which you are loading the page is the same domain name that you used for generating the API key.
- In some cases it is necessary to connect/login the user to a provider? prior to calling the API method. You can learn more in the Social Login guide.
Comments