Description
Returns the session information required for making direct API calls to the providers. This lets you retrieve information or perform operations that the Gigya service does not yet support.
Each provider requires its own set of fields for making direct API calls, and this set differs from provider to provider. Accordingly, the Response object contains only the fields required by the provider specified in the method's provider parameter.
Security Requirements
For security reasons, our server automatically detects whether the API call arrives over HTTPS. If it does not, some sensitive fields are encrypted to prevent them from being used by unauthorized parties.
The encryption uses the AES algorithm, where the key is your partner "Secret Key" and the initialization vector is passed as a field in the response (see the IV field under Response Data below). Your partner "Secret Key" is provided at the bottom of the Dashboard section on the Gigya website (make sure you are logged in to Gigya's website and have completed the Gigya Setup process). The "Secret Key" is provided in base64 encoding and must be decoded into a binary array before it can be used (most development environments include a method that does this).
Additional settings for the AES algorithm:
- Cipher mode - CBC
- Padding mode - you may select the padding mode by setting the optional paddingMode parameter (see the Parameters table below) to one of the following values: 'PKCS5', 'PKCS7' or 'ZEROS' (PKCS7 is the default).
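The decryption step described above, as an added example that is not Gigya's own code: the base64 Secret Key, the IV field and an encrypted field (such as tokenSecret) are decoded, AES-CBC decrypted with the Go standard library, and unpadded according to the paddingMode that was requested, rejecting bad padding instead of returning garbage. The function names are assumptions; no real key or response values are used.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/base64"
	"fmt"
)

// unpad strips the padding named by paddingMode; with AES's 16-byte block, PKCS5 and PKCS7 coincide.
func unpad(plain []byte, mode string) (string, error) {
	if mode == "ZEROS" { // ZEROS padding is trailing 0x00 bytes; there is nothing to verify
		return string(bytes.TrimRight(plain, "\x00")), nil
	}
	if mode != "PKCS5" && mode != "PKCS7" {
		return "", fmt.Errorf("unknown paddingMode %q", mode)
	}
	n := int(plain[len(plain)-1])
	if n == 0 || n > aes.BlockSize || n > len(plain) {
		return "", fmt.Errorf("bad padding length %d (wrong key or IV?)", n)
	}
	for _, b := range plain[len(plain)-n:] { // every pad byte must equal n
		if int(b) != n {
			return "", fmt.Errorf("bad padding byte %#x (wrong key or IV?)", b)
		}
	}
	return string(plain[:len(plain)-n]), nil
}

// DecryptField recovers one encrypted response field (tokenSecret, sessionHandle, or any field
// when encryptAll=true). secretKeyB64 is the base64 partner Secret Key; ivB64 is the response's IV.
func DecryptField(secretKeyB64, ivB64, fieldB64, paddingMode string) (string, error) {
	var parts [3][]byte
	for i, s := range []string{secretKeyB64, ivB64, fieldB64} {
		b, err := base64.StdEncoding.DecodeString(s)
		if err != nil {
			return "", fmt.Errorf("input %d is not valid base64: %w", i, err)
		}
		parts[i] = b
	}
	key, iv, ct := parts[0], parts[1], parts[2]
	block, err := aes.NewCipher(key) // accepts 16-, 24- or 32-byte keys
	if err != nil || len(iv) != aes.BlockSize || len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return "", fmt.Errorf("bad key, IV or ciphertext length (%v)", err)
	}
	plain := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(plain, ct)
	return unpad(plain, paddingMode)
}
```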
Supporting Providers
This operation is currently supported for the following providers: Facebook, Twitter, Yahoo, Microsoft Messenger, LinkedIn, Myspace, Orkut, Google+, FourSquare, Renren, VKontakte, mixi.
Request URL
http[s]://socialize.gigya.com/socialize.getSessionInfo
Parameters
| Required | Name | Type | Description |
| Required* | UID | string | The unique ID of the user with which this method call is associated. This is the UID you receive from Gigya after a successful login of this user. * The UID parameter is required when you call this method through one of the following interfaces: PHP SDK, Java SDK, .NET SDK, or if you are using the REST API directly with Gigya's proprietary authorization method. * The UID parameter is not required when you call this method through one of the following interfaces: Android SDK, iOS SDK, or if you are using an external OAuth2 SDK. Note: If you are using account linking, the UID is your site user ID. To learn more about Social Login with account linking (best practice), please refer to the Social Login Implementation guide. |
| Required | provider | string | The provider to retrieve the session information for. The valid values for this parameter are: 'facebook', 'twitter', 'yahoo', 'messenger', 'linkedin', 'myspace', 'orkut', 'googleplus', 'foursquare', 'renren', 'vkontakte', 'mixi'. |
| Optional | paddingMode | string | The padding mode to be used in the AES algorithm. The valid values for this parameter are: 'PKCS5', 'PKCS7' and 'ZEROS'. The default value, if this parameter is not set, is 'PKCS7'. |
| Optional | cid | string | A string of at most 100 characters. This string is associated with each transaction and later appears in reports generated by Gigya in the "Context ID" combo box. The cid allows you to associate the report information with your own internal data, for example to identify a specific widget or page on your site/application. The "Context ID" combo box lets you filter the report data by site/application context. |
| Optional | signIDs | Boolean | The default value is "false". If this field is set to "true", the timestamp and providerUIDSig fields are returned and the providerUID returned by this method is signed by Gigya. To learn more about this subject, please refer to the Security page of the Developer's Guide. |
| Optional | encryptAll | Boolean | The default value is "false". If this field is set to "true", the server encrypts all the fields in the response, not only the tokenSecret field. |
| | format | string | Determines the format of the response. This parameter is required when using the REST API directly, and irrelevant when using one of our SDKs. The options are: |
| Optional | callback | string | This parameter is relevant only when the format parameter is set to jsonp (see above). In that case this parameter should define the name of the callback method to be called in the response, along with the jsonp response data. |
| Optional | httpStatusCodes | Boolean | The default value of this parameter is false, which means that the HTTP status code in Gigya's response is always 200 (OK), even if an error occurs. The error code and message are given within the response data (see below). If this parameter is set to true, the HTTP status code in Gigya's response reflects an error, if one occurs. |
Authorization Parameters
Each REST API request must contain identification and authorization parameters.
The set of required parameters is dependent on your selected method of authorization. There are two options:
- If you are conforming with the OAuth 2.0 standard, you will need to pass an access token. For more information, please read the Using Gigya's REST API in compliance with OAuth 2.0 guide.
- If you are using Gigya's proprietary authorization method, you will need to pass the parameters specified here. Alternatively, if you are making the call over HTTPS, you may pass the secret parameter instead of the timestamp, nonce and sig parameters. For more information, please read the Using Gigya's REST API with our proprietary authorization method guide.
Response Data
| Field | Type | Description |
| errorCode | integer | The result code of the operation. Code '0' indicates success, any other number indicates failure. For a complete list of error codes, see the Error Codes table. |
| errorMessage | string | A short textual description of an error, associated with the errorCode, for logging purposes. This field will appear in the response only in case of an error. |
| errorDetails | string | This field will appear in the response only in case of an error and will contain the exception info, if available. |
| callId | string | Unique identifier of the transaction, for debugging purposes. |
| authToken | string | The session authentication token. The Session Fields' Mapping table below shows the corresponding field name at each provider. |
| tokenSecret | string | The session token secret, encrypted with the partner secret key (see explanation above) and encoded in BASE64. The Session Fields' Mapping table below shows the corresponding field name at each provider. |
| tokenExpiration | string | The expiration time for the session token. The Session Fields' Mapping table below shows the corresponding field name at each provider. |
| sessionHandle | string | The session handle, encrypted with the partner secret key (see explanation above) and encoded in BASE64. The Session Fields' Mapping table below shows the corresponding field name at each provider. |
| sessionExpiration | string | The session expiration time. The Session Fields' Mapping table below shows the corresponding field name at each provider. |
| IV | string | The initialization vector that should be used for decrypting the encrypted fields, encoded in BASE64. |
| providerUID | string | The person's ID on the connected provider. |
| timestamp | string | The GMT time of the signature in UNIX time format (i.e. the number of seconds since Jan. 1st 1970). This field is returned only if signIDs is set to "true". |
| providerUIDSig | string | The signature on timestamp_providerUID. This field is returned only if signIDs is set to "true". |
Session Fields' Mapping
The following table shows how our response field names map to each provider's expected session field names.
| Field | | Twitter / Google+ / Yahoo / Hi5 / Kaixin / LinkedIn / MySpace / Orkut / Skyrock / VZNet | Foursquare / Messenger / Mixi / QQ / Renren / Sina / VKontakte |
| authToken | access_token | oauth_token | access_token |
| tokenSecret | - | oauth_token_secret | - |
| tokenExpiration | expires | oauth_expires_in | expires_in |
| sessionHandle | - | oauth_session_handle (if supported) | refresh_token (if supported) |
| sessionExpiration | - | oauth_authorization_expires_in (if supported) | - |
Response Example
```json
{
  "authToken": "0000",
  "tokenSecret": "0000",
  "tokenExpiration": "",
  "sessionHandle": "",
  "sessionExpiration": "",
  "IV": "",
  "statusCode": 200,
  "errorCode": 0,
  "statusReason": "OK",
  "callId": "5b9182e6d24f45159b02d61464bb71a5"
}
```