SAP Customer Data Cloud Positions

socialize.login JS



This method instructs the Gigya service to authenticate the user using an external provider, such as Facebook or Yahoo.

The Gigya service opens a popup window with the login screen of the requested provider. In some cases, such as Facebook and Yahoo, users are also asked to give the site permission to access their personal data. When the login process completes, the popup window closes automatically, the method callback function is called and the global onLogin event is fired. 

Supporting Providers

The following providers currently support this operation: Apple, Amazon, AOL, Blogger, Facebook, Foursquare, GooglePlus, Kakao, LINE, LinkedIn, Livedoor, Messenger, mixi, Naver, Netlog, Odnoklassniki, Orange France, PayPalOAuth, Tencent QQ, renren, Sina Weibo, Spiceworks, Twitter, VKontakte, WeChat, WordPress, Xing, Yahoo!, Yahoo! Japan. (Note: messenger has been replaced by microsoft; however, for backward compatibility, either can be used.)

Securing the Login Process

The Gigya service supports a mechanism to verify the authenticity of the login process. To prevent fraud, Gigya "signs" the login process with a cryptographic signature. Your site receives this signature in the login method's callback function as part of the response object (please refer to the Response Object Data Members table below).

We highly recommend verifying the authenticity of the signature to prove that it has indeed originated from Gigya rather than somewhere else.

To learn more about this subject, please refer to Security.






The following table lists the available parameters:

provider string The provider that is used for authenticating the user. The following values are currently supported for use with this parameter: apple, amazon, aol, blogger, facebook, foursquare, googleplus, kakao, line, linkedin, livedoor, messenger, mixi, naver, netlog, odnoklassniki, orangefrance, paypaloauth, qq, renren, sina, spiceworks, twitter, vkontakte, wechat, wordpress, xing, yahoo, yahoojapan. (Note: messenger has been replaced by microsoft; however, for backward compatibility, either can be used.)

SAML providers are also supported - use the format "saml-YourDefinedProviderName".

actionAttributes JSON object In Gamification, your users receive points for actions they perform on your site. In this case, logging in grants the user points. Action Attributes may be used to annotate actions with additional information, such as the section of the web site that generated the action. If you set actionAttributes, the log in action receives an attribute, for example "tv-show":"glee".
actionAttributes contain a JSON object comprised of a series of attribute keys (categories) with associated values. You can also use a generic "tags" key.

No more than three values can be given; they can share a single key or each have their own key.

For more information see Variants and Action Attributes. Action attributes are later used to filter GM Plugins by a certain attribute.
Example:  {"<attribute key1>": ["<attribute value1>", "<attribute value2>"],  "<attribute key2>": "<attribute value3>" }


This parameter is intended only for developers who wish to implement the "Web Server Flow" of the OAuth 2.0 standard. If you set this parameter to 'true', you will not receive the user data in the response. Instead you will receive an authCode.

The authCode contains a code that is intended to be used for invoking the OAuth 2.0 getToken end-point along with the grant_type parameter set to authorization_code.

authFlow string Using this parameter you may specify that the login flow will use page redirects instead of using a popup. This gives a solution for environments where popups are unavailable (e.g., mobile web view controls). This parameter accepts two values:
  • popup (default)
  • redirect - the login flow uses page redirects. When the login process completes successfully, the user is redirected to the URL specified by the redirectURL parameter (see below). If the redirectURL parameter is not specified, the user will be redirected to the original page from which the login process started.
    Notes: This option will only work if CNAME is configured.
    The context object will not be passed when authFlow: 'redirect'.
A reference to a callback function. Gigya calls the specified function along with the results of the API method when the API method completes.
The callback function should be defined with the following signature: functionName(Response).
The "Response Object Data Members" table below provides specification of the data that is passed to the callback function.
A string of maximum 100 characters length. The CID sets categories for transactions that can be used later for filtering reports generated by Gigya in the "Context ID" combo box. The CID allows you to associate the report information with your own internal data. For example, to identify a specific widget or page on your site/application. You should not define more than 100 different context IDs.

Note: This parameter overrides the value of the identical parameter in Global Conf (the global configuration object). If the parameter is not set for the method, the value from Global Conf is used.

A developer-created object that is passed back unchanged to the application as one of the fields in the response object.
This parameter accepts a comma-separated list of additional data fields to retrieve. The current valid values are: languages, address, phones, education, honors, publications, patents, certifications, professionalHeadline, bio, industry, specialties, work, skills, religion, politicalView, interestedIn, relationshipStatus, hometown, favorites, likes, followersCount, followingCount, name, username, educationLevel, locale, verified, irank, timezone, and samlData.

Note: Before your application can retrieve Facebook data, the user must grant your application access. Please make sure you have checked the check boxes that enable retrieving the relevant fields from Facebook in the Permissions page on Gigya's website. You may find more information in the Facebook Permissions section of our guide.

facebookExtraPermissions string A comma-delimited list of Facebook extended permissions to request from the user. This parameter gives the possibility to request extended permissions in addition to the permissions that Gigya is already requesting. Refer to Facebook's extended permissions page for the complete list of permissions.
For example, if you wish to RSVP to events on the user's behalf and to send text messages to the user, define: facebookExtraPermissions: "rsvp_event,sms"

Note: This parameter overrides the value of the identical parameter in Global Conf (the global configuration object). If the parameter is not set for the method, the value from Global Conf is used.

forceAuthentication Boolean The default value of this parameter is 'false'. If it is set to 'true', the user is forced to provide their social network credentials during login - even if the user is already connected to the social network. This parameter is currently supported by Facebook, Twitter, and Renren. Note that the behavior of the various social networks may be slightly different: Facebook expects the current user to enter their password, and will not accept a different user name. Other networks prompt the user to re-authorize the application or allow a different user to log in.
googleExtraPermissions string This parameter gives the possibility to request extended permissions in addition to the permissions that Gigya is already requesting. The supported values are: "wallet" - for Google wallet permissions.

Note: This parameter overrides the value of the identical parameter in Global Conf (the global configuration object). If the parameter is not set for the method, the value from Global Conf is used.

googlePlayAppID string The objective of this parameter is to support Over The Air app installs for Android devices during Google+ login. Set this parameter with the package name of your Android app (for example: ""). As a result, after signing in with Google+, users have the option to send your Android app to their device instantly, without leaving your website. As a preliminary step you'll need to Utilize Google+ Native Android Sign-on on your Android app. The package name passed to this parameter is the same one you enter when enabling the Google+ API.

A comma-separated list of fields to include in the response. The possible values are: identities-active, identities-all, loginIDs, emails, profile, data, and


. The default is profile, so if this parameter is not used, the response will return the Profile object.
includeAllIdentities Boolean The default value of this parameter is 'false'. If set to 'true', you will receive all the user's identities, including those with expired sessions. Each entry will have an attribute that will be 'true' when the session has expired for that provider (or is otherwise inactive) and 'false' if it is active.
loginMode string The type of login being performed:
  • standard - (default) the user is logging into an existing account.
  • link - the user is linking a social network to an existing account. The account being used to login will become the primary account.
pendingRegistration Boolean The default value of this parameter is 'true'. By default, when a new user logs in (registers), the new Gigya account is not considered final until socialize.notifyRegistration is called. While the account is not final, the identities associated with it can be connected to another account without causing an error.
If this parameter is set to 'false', the new Gigya account is final immediately when a new user logs in (registers).
Note: The value of this parameter overrides the value of the newUsersPendingRegistration parameter in the global configuration object.
redirectMethod string This parameter is only applicable when redirectURL is specified, and it determines how the user info data is passed to the redirectURL. This parameter accepts two values:
  • get (default) -  The user info values should be passed as query string parameters.
  • post - The user info should be passed as POST fields.

A URL to which to redirect the user when the login process has successfully completed. You must provide an absolute URL - relative URLs are not supported.

The following additional parameters are appended to the URL string: UID, UIDSig, timestamp, loginProvider, loginProviderUID, nickname, photoURL, thumbnailURL, firstName, lastName, gender, birthDay, birthMonth, birthYear, email, country, state, city, zip, profileURL, provider. 

These parameters are equivalent to the User object fields. Please find the parameters' description in the User object reference page.

When redirectURL is explicitly defined by the partner, the user object fields should always be sent with the redirect, regardless of the authFlow mode.

This parameter is required if using authFlow: 'redirect' (above).

Note: We strongly advise providing a secure (HTTPS) URL.

regSource string A string representing the source of the registration. This would typically be the URL where it took place.
regToken string This parameter is required for completing the link accounts flow. Once the initial login has failed, call the login method with loginMode=link and the regToken returned from the initial call to complete the linking. For more information go to the social account linking guide.
sessionExpiration integer This parameter defines the time in seconds that Gigya should keep the login session valid for the user. To end the session when the browser closes, please assign the value '0'. If this parameter is not specified, the session is valid forever.

Note: This parameter overrides the value of the identical parameter in Global Conf (the global configuration object). If the parameter is not set for the method, the value from Global Conf is used.



Response Object Data Members

errorCode integer The result code of the operation. Code '0' indicates success, any other number indicates failure. For a complete list of error codes, see the Response Codes and Errors table.
errorMessage string A short textual description of an error associated with the errorCode for logging purposes.
callId string Unique identifier of the transaction, for debugging purposes.
context object The context object passed by the application as a parameter to the API method, or null if no context object has been passed.
user User object User object that includes updated information for the current user.
UIDSignature string The signature that should be used for login verification as described under Validate the UID Signature in the Social Login Process.
signatureTimestamp string The GMT time of the response in UNIX time format (i.e. the number of seconds since Jan. 1st 1970). The timestamp should be used for login verification as described under Validate the UID Signature in the Social Login Process.
UID string The User ID that should be used for login verification as described under Validate the UID Signature in the Social Login Process.

Note: The UID string must be encoded using the encodeURIComponent() function before sending it from your client to your server.

isNewUser Boolean Indicates whether the user logging in is new. The parameter is returned only when it is set to "true", or when the user is missing the 'connectionIdentity' field in the DB.
When 'RaaS' is enabled, if 'newUser == TRUE' and no required fields are missing, a 'SocialLeadToAccountNewUser' event is called and a new user is created.
If the account is pending verification, a 'SocializeLeadToAccountsPendingVerification' event is fired instead.
signature string Deprecated. Please use the UIDSignature parameter instead.
timestamp string Deprecated. Please use the signatureTimestamp parameter instead.
This parameter holds the GMT time of the response in "yyyy-mm-dd HH:mm:ss" format where HH is in 24 hour time format.
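
The verification recommended under Securing the Login Process, written for a Node.js server as an added example (it is not SAP's or the original page's code). It assumes the signature is Base64(HMAC-SHA1(secret, signatureTimestamp + "_" + UID)) with a 180-second freshness window, which should be checked against the Validate the UID Signature guide; the function names and sample values are constructed for illustration, and the same check applies to the UID, UIDSig and timestamp values appended to a redirectURL.

```javascript
// Added example, not SAP/Gigya code. Assumed construction (check it against the
// "Validate the UID Signature" guide):
//   UIDSignature = Base64(HMAC-SHA1(Base64-decoded secret, timestamp + "_" + UID))
const { createHmac, timingSafeEqual } = require('node:crypto');

const MAX_AGE_SECONDS = 180; // assumed freshness window for signatureTimestamp

function computeUidSignature(uid, timestamp, secretB64) {
  const key = Buffer.from(secretB64, 'base64');
  return createHmac('sha1', key).update(`${timestamp}_${uid}`, 'utf8').digest('base64');
}

// Returns { ok, reason }. nowSeconds is a parameter so the check can be tested.
function verifyLogin(fields, secretB64, nowSeconds = Math.floor(Date.now() / 1000)) {
  const { UID, signatureTimestamp, UIDSignature } = fields;
  if (typeof UID !== 'string' || typeof UIDSignature !== 'string') {
    return { ok: false, reason: 'missing-field' };
  }
  const ts = String(signatureTimestamp);
  if (!/^\d{1,12}$/.test(ts)) return { ok: false, reason: 'bad-timestamp' };
  const expected = Buffer.from(computeUidSignature(UID, ts, secretB64), 'base64');
  const given = Buffer.from(UIDSignature, 'base64');
  // Constant-time compare; timingSafeEqual throws on unequal lengths, so check first.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad-signature' };
  }
  // A correctly signed but old response is treated as a replay.
  if (Math.abs(nowSeconds - Number(ts)) > MAX_AGE_SECONDS) {
    return { ok: false, reason: 'stale' };
  }
  return { ok: true, reason: null };
}

// Server side of the client's POST. The browser must pass each value through
// encodeURIComponent(); otherwise a "+" in the UID is decoded here as a space.
function verifyFormBody(body, secretB64, nowSeconds) {
  const p = new URLSearchParams(body);
  return verifyLogin({
    UID: p.get('UID'),
    signatureTimestamp: p.get('signatureTimestamp'),
    UIDSignature: p.get('UIDSignature'),
  }, secretB64, nowSeconds);
}

// Constructed sample values (not a real secret key or UID).
const DEMO_SECRET = Buffer.from('constructed-demo-secret').toString('base64');
const DEMO_NOW = 1700000000;
const DEMO_UID = '_guid_Ab+c/D==';
const DEMO_SIG = computeUidSignature(DEMO_UID, String(DEMO_NOW - 5), DEMO_SECRET);
```

The secret key stays on the server; only UID, signatureTimestamp and UIDSignature travel from the browser, and the session is created only when `ok` is true.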

Triggered Global Event

By using this method the onLogin global event may be triggered (the onLogin global event is fired when a user successfully logs in to Gigya). To register an event handler use the socialize.addEventHandlers API method. Refer to the onLogin event data. Refer to Events to learn more about how to handle events generated by the Gigya service. 

Code Sample

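<script type="text/javascript" src=""></script>
<script type="text/javascript">
var params = {
    callback: onLogin,
    provider: 'facebook' // example value from the provider list above
};
gigya.socialize.login(params);

function onLogin(response) {
    // verify the signature ...
}
</script>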

Additional Information


When using LINE as a login provider via socialize.login on a mobile device, only authFlow 'redirect' is supported, e.g.,

var params = {
    callback: onLogin,
    provider: 'line', authFlow: 'redirect'
};




  • This sample is not meant to be fully functional code. For brevity's sake, only the code required for demonstrating the API call itself is presented.
  • To run the code on your own domain, add your Gigya API key to the gigya.js URL. A Gigya API key can be obtained on the Site Dashboard page on Gigya's website. Please make sure that the domain from which you are loading the page is the same domain name that you used for generating the API key.