
socialize.getSessionInfo

Last modified 08:34, 21 Jul 2014

Description

Returns the session information required for making direct API calls to the providers. This allows retrieving information or performing operations which are not yet supported by the Gigya service.
Each provider requires its own set of fields for making a direct API call. Accordingly, the Response object contains only the fields that are required by the specific provider (the provider specified in the method's input parameter).

 

Security Requirements

For security reasons, our server automatically detects if the API call is coming over HTTPS. If not, some sensitive fields are encrypted to prevent them from being used by unauthorized parties.

The encryption is performed using the AES algorithm, where the key is your partner "Secret Key" and the initialization vector is passed as a field in the response. Your partner "Secret Key" is provided at the bottom of the Dashboard section on the Gigya website (make sure you are logged in to Gigya's website and have completed the Gigya Setup process). The "Secret Key" is provided in base64 encoding and must be converted into a binary array before it can be used (most development environments include a method that implements this).

Additional settings for the AES algorithm:

  • Cipher mode - CBC

  • Padding mode - you may select the padding mode to be used, by setting the paddingMode optional parameter (see Parameters table below), with one of the following optional values: 'PKCS5', 'PKCS7' or 'ZEROS' (PKCS7 is the default).
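
The decryption described above, as an added Node.js example (not Gigya's SDK code): it base64-decodes the secret key and the IV field, decrypts one encrypted field with AES in CBC mode and handles the three padding modes. The names decryptField and encryptForDemo and the demo key and IV are hypothetical and constructed; choosing the AES variant from the decoded key length is an assumption the page does not state.

```javascript
const nodeCrypto = require('node:crypto');

// Assumption (not stated on the page): the AES variant follows the length of
// the decoded secret key (16, 24 or 32 bytes).
function cipherNameFor(key) {
  const name = { 16: 'aes-128-cbc', 24: 'aes-192-cbc', 32: 'aes-256-cbc' }[key.length];
  if (!name) throw new Error('unexpected secret key length: ' + key.length);
  return name;
}

function checkPaddingMode(mode) {
  if (!['PKCS5', 'PKCS7', 'ZEROS'].includes(mode)) throw new Error('unknown paddingMode: ' + mode);
  return mode === 'ZEROS';
}

// Decrypts one encrypted response field (e.g. tokenSecret, sessionHandle).
// secretKeyB64: partner "Secret Key" (base64); ivB64: the response's IV field.
function decryptField(secretKeyB64, ivB64, valueB64, paddingMode = 'PKCS7') {
  const zeros = checkPaddingMode(paddingMode);
  const key = Buffer.from(secretKeyB64, 'base64'); // base64 -> binary array
  const iv = Buffer.from(ivB64, 'base64');
  const data = Buffer.from(valueB64, 'base64');
  if (iv.length !== 16) throw new Error('IV must decode to 16 bytes');
  if (data.length === 0 || data.length % 16 !== 0) throw new Error('ciphertext is not whole AES blocks');
  const decipher = nodeCrypto.createDecipheriv(cipherNameFor(key), key, iv);
  decipher.setAutoPadding(!zeros); // PKCS5 and PKCS7 are identical for 16-byte blocks
  let plain = Buffer.concat([decipher.update(data), decipher.final()]);
  if (zeros) {
    let end = plain.length;
    while (end > 0 && plain[end - 1] === 0) end--; // strip trailing zero bytes
    plain = plain.subarray(0, end);
  }
  return plain.toString('utf8');
}

// Constructed stand-in for the server side, only to produce sample input offline.
function encryptForDemo(secretKeyB64, ivB64, text, paddingMode = 'PKCS7') {
  const zeros = checkPaddingMode(paddingMode);
  const key = Buffer.from(secretKeyB64, 'base64');
  const cipher = nodeCrypto.createCipheriv(cipherNameFor(key), key, Buffer.from(ivB64, 'base64'));
  cipher.setAutoPadding(!zeros);
  let input = Buffer.from(text, 'utf8');
  if (zeros) input = Buffer.concat([input, Buffer.alloc((16 - (input.length % 16)) % 16)]);
  return Buffer.concat([cipher.update(input), cipher.final()]).toString('base64');
}

// Constructed sample values (not real credentials).
const DEMO_KEY = Buffer.alloc(32, 7).toString('base64');
const DEMO_IV = Buffer.alloc(16, 1).toString('base64');
```

The scheme as described on this page carries no integrity check on the ciphertext, so a decrypted value is only as trustworthy as the channel it arrived on; calling the method over HTTPS avoids depending on this path at all. Keep the secret key on the server, never in client-side code.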

Supporting Providers

This operation is currently supported for the following providers: Facebook, Twitter, Yahoo, Microsoft Messenger, LinkedIn, Orkut, Google+, FourSquare, Renren, VKontakte, mixi, Xing.

 

Request URL

http[s]://socialize.gigya.com/socialize.getSessionInfo

 

Parameters

Required Name Type Description
Required* UID string The unique ID of the user, with which this method call is associated. This is the UID you receive from Gigya after a successful login of this user.
* The UID parameter is required when you call this method through one of the following interfaces: PHP SDK, Java SDK, .NET SDK or if you are using the REST API directly with Gigya's proprietary authorization method.
* The UID parameter is not required when you call this method through one of the following interfaces: Android SDK, iOS SDK or if you are using an external OAuth2 SDK.
Note: If you are using account linking then the UID would be your site user ID. To learn more about Social Login with account linking (best practice), please refer to the Social Login Implementation guide.
Required provider string The provider to retrieve the session information for. The optional values for this parameter are: 'facebook', 'twitter', 'yahoo', 'messenger', 'linkedin', 'orkut', 'googleplus', 'foursquare', 'renren', 'vkontakte', 'mixi', 'xing'.
Optional paddingMode string The padding mode to be used in the AES algorithm. The valid values for this parameter are: 'PKCS5', 'PKCS7' and 'ZEROS'. The default value, if this parameter is not set, is 'PKCS7'.
  cid string A string of maximum 100 characters length. The CID sets categories for transactions that can be used later for filtering reports generated by Gigya in the "Context ID" combo box. The CID allows you to associate the report information with your own internal data. For example, to identify a specific widget or page on your site/application. You should not define more than 100 different context IDs.
  signIDs Boolean The default value is "false". If this field is set to "true", the timestamp and providerUIDSig fields are returned and the providerUID that is returned by this method will be signed by Gigya. To learn more about this subject, please refer to the Security page of the Developer's Guide.
  encryptAll Boolean The default value is "false". If this field is set to "true", the server encrypts all the fields in response, not only the tokenSecret field.
  format string Determines the format of the response. This parameter is required when using the REST API directly, and irrelevant when using one of our SDKs. The options are:
  • json
  • jsonp - if the format is jsonp then you are required to define a callback method (see parameter below).
  • xml (default) - Deprecated. We do not support XML format anymore, but it is the default due to backwards compatibility. Please set the format parameter to either json or jsonp.
  callback string This parameter is relevant only when the format parameter is set to jsonp (see above). In such case this parameter should define the name of the callback method to be called in the response, along with the jsonp response data.
  httpStatusCodes Boolean The default value of this parameter is false, which means that the HTTP status code in Gigya's response is always 200 (OK), even if an error occurs. The error code and message are given within the response data (see below). If this parameter is set to true, the HTTP status code in Gigya's response reflects an error, if one occurs.

 

Authorization Parameters

Each REST API request must contain identification and authorization parameters.

Please refer to the Authorization Parameters section for details. 

 

Response Data

Field Type Description
errorCode integer The result code of the operation. Code '0' indicates success, any other number indicates failure. For a complete list of error codes, see the Error Codes table.
errorMessage string A short textual description of an error, associated with the errorCode, for logging purposes. This field will appear in the response only in case of an error.
errorDetails string This field will appear in the response only in case of an error and will contain the exception info, if available.
callId string Unique identifier of the transaction, for debugging purposes.
authToken string The session authentication token. See in the table below, how this field is mapped to the corresponding field in each provider.
tokenSecret string The session token secret, encrypted with the partner secret key (see explanation above) and encoded in BASE64. See in the table below, how this field is mapped to the corresponding field in each provider.
tokenExpiration string The expiration time for the session token (in EST). See in the table below, how this field is mapped to the corresponding field in each provider. Note that when socialize.notifyLogin is used to establish a session, the tokenExpiration value contains the tokenExpiration passed to socialize.notifyLogin. 
tokenExpirationUTC string The expiration time for the session token in UTC.
sessionHandle string The session handle, encrypted with the partner secret key (see explanation above) and encoded in BASE64. See in the table below, how this field is mapped to the corresponding field in each provider.
sessionExpiration string The session expiration time. See in the table below, how this field is mapped to the corresponding field in each provider.
sessionExpirationUTC string The session expiration time in UTC.
IV string The initialization vector that should be used for decrypting the encrypted fields, encoded in BASE64.
providerUID string The person's ID on the connected provider.
timestamp string The GMT time of the signature in UNIX time format (i.e. the number of seconds since Jan. 1st 1970). This field is returned only if signIDs is set to "true".
providerUIDSig string The signature on timestamp_providerUID. This field is returned only if signIDs is set to "true".

Note: A field that does not contain data, will not appear in the response.


Session Fields' Mapping

The following table shows how our response field names map to each provider's expected session field names.

| Field | Facebook | Twitter / Google+ / Yahoo / Hi5 / Kaixin / LinkedIn / MySpace / Orkut / Skyrock / VZNet | Foursquare / Messenger / Mixi / QQ / Renren / Sina / VKontakte |
|---|---|---|---|
| authToken | access_token | oauth_token | access_token |
| tokenSecret | - | oauth_token_secret | - |
| tokenExpiration | expires | oauth_expires_in | expires_in |
| sessionHandle | - | oauth_session_handle (if supported) | refresh_token (if supported) |
| sessionExpiration | - | oauth_authorization_expires_in (if supported) | - |

 

 

Response Example

{
    "authToken": "0000",
    "tokenSecret": "0000",
    "tokenExpiration": "2014-03-29 11:55:40",
    "tokenExpirationUTC": "2014-03-29T08:55:40Z",
    "sessionHandle": "",
    "sessionExpiration": "",
    "sessionExpirationUTC": "",
    "IV": "",
    "providerUID": "100005665293123",
    "statusCode": 200,
    "errorCode": 0,
    "statusReason": "OK",
    "callId": "5b9182e6d24f45159b02d61464bb71a5"
}