Gigya's Social Login is an authentication system that allows users to register and log in to your site using their social network accounts, such as Facebook, Twitter, Google, Yahoo, LinkedIn and more. The login is secure and simple: it gives users an easy way to use your site without having to create yet another password, and grants you permission to store their publicly available user data. The implementation proposed in this document targets sites that already have their own user management system and wish to offer Social Login (login/register through social networks) side by side with their existing site login/registration.

Some of the steps in this implementation guide are marked as optional, but we recommend implementing all the steps. 

For a quick start implementation and a live demo of the social login flow, see the Basic Social Login working code example.

Implementation

When a user opts to log in or register on your site, they can authenticate using either Gigya's Social Login or the site Login/Register form. Each of these two options leads to a separate logic flow.

The following two sections provide step-by-step instructions for implementing these two logic flows:

Below these two sections you may find sections dealing with complementary implementation issues:

We also recommend reading the documentation for socialize.showLoginUI before implementation, to review the options for customizing the Social Login's user interface. 

Note: The implementation uses Gigya's API. Most Gigya API methods are supported both on the client side (Web SDK) and on the server side (REST API). We encourage you to work server to server whenever applicable. Please use one of our Server Side SDKs for server side API calls. If there is no SDK available for your preferred language, you may use direct REST API calls.

Site Login - Synchronizing with Gigya Service

When a user authenticates using your existing Login form, or when a new user registers using site registration, it is important to notify Gigya of the user's new state so as to provide a consistent user experience. To implement this, call socialize.notifyLogin at the end of your existing login flow. This is illustrated in the following flowchart diagram:

 
The socialize.notifyLogin method receives a required parameter named siteUID. Please set this parameter to the user ID that you have designated for this user in your database. The notifyLogin call registers a new user in Gigya if the siteUID provided is new, or reconnects a returning user if the siteUID already exists in our records.

If it is a new user, call the socialize.notifyLogin API method with the newUser parameter set to 'true'. This will enable Gigya to distinguish between a new site user and a returning site user, allowing Gigya to analyze users' login/registration behavior with or without Social Login and compare the ratio.

When receiving the notifyLogin response on the server side, please make sure to create a session cookie, so that the client application stays synchronized with the user state. The notifyLogin response data includes the following fields: cookieName, cookieValue, cookiePath, cookieDomain. Please create a cookie using these fields.

For example, in PHP:

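 // The four variables hold the notifyLogin response fields of the same names; 0 makes it a session cookie.
 setcookie($cookieName, $cookieValue, 0, $cookiePath, $cookieDomain);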

Please make sure that the page following the login includes Gigya's library, i.e., gigya.js, in order for Gigya to read the cookie before it expires.

Synchronizing Gigya with the user's state has several benefits:

Logging Out

When a user logs out from your site, it is important to notify Gigya of the user's new state, otherwise Gigya will still consider the user logged in and someone else who uses the same computer could gain access to that user's personal information and perform actions on his behalf.

Within your site's logout flow, please call the socialize.logout API method. We recommend calling the socialize.logout method from your client application. This way, Gigya will clear the relevant cookies, and your client application will know when the user is logged out without calling the server.

When the socialize.logout method is called, Gigya will attempt to log the user out from all the providers to which the user is connected. In order to force logout from Facebook, you have to configure a Domain Alias (CNAME) for your site and enable automatic session renewal in our site's Settings page in the Facebook Configuration dialog.

Sessions Expiration

When a user logs in via Gigya, Gigya creates a login session for the user. By default the session stays valid forever, or until the socialize.logout method is called.
Gigya gives you the option to change the default behavior and decide when to terminate a login session. Read more in the Controlling Session Expiration section of the Security guide.

Using Social Plugins to Initiate Site Login

Please read Using Plugins to Initiate Site Login to learn how to integrate Gigya's Plugins with the Social Login Process and leverage the Plugins to acquire new site users.

Adding Connections

After the user has logged in to your site, you can give the user the option to add connections to multiple social networks, making it possible to interact with friends on multiple social networks. You can do that by adding the Add Connections plugin to your site pages. This is broadly explained in the Adding Connections to Social Networks guide.

Error Handling

Gigya uses an asynchronous programming model in which operations are triggered and then run in the background until they are completed. Upon successful or unsuccessful completion you receive a method response that includes the results of the operation. When using the Web SDK, the operation invokes a callback function, which should be provided as a parameter to the API method call. The callback function receives a response object that includes the results of the operation.

To prevent an inconsistent user state, it is vital to make sure that all the steps of the Login flow complete successfully. For this purpose, we recommend employing the following steps when calling an API method (i.e., showLoginUI, notifyRegistration, notifyLogin, logout):

  1. Define a timeout.
  2. If after the timeout you did not receive a response, or if you received an error in the response, then retry calling the API method.
  3. In the case of notifyRegistration, if after several retries the method has not successfully completed, roll back the database changes.
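
The three steps above as an added example (not code from Gigya or its SDK): a wrapper that applies a timeout, retries, and a final rollback to a callback-style API method. It assumes the method takes one params object with a callback field and that a response with errorCode 0 means success; makeFlakyMethod and demo are hypothetical stand-ins so the block runs offline.

```javascript
// Added example: timeout, retry and rollback around a callback-style API method.
// Assumptions: the method takes one params object with a `callback` field,
// and a response with errorCode === 0 means success.
function callWithRetry(method, params, opts, done) {
  const { timeoutMs = 5000, maxAttempts = 3, rollback = null } = opts;
  let attempt = 0;

  function tryOnce() {
    attempt += 1;
    let settled = false; // one outcome per attempt; late or duplicate callbacks are ignored
    // Step 1: a timeout is treated like an error response.
    const timer = setTimeout(
      () => finish({ errorCode: -1, errorMessage: 'timeout (constructed)' }), timeoutMs);
    function finish(response) {
      if (settled) return;
      settled = true;
      clearTimeout(timer);
      if (response && response.errorCode === 0) return done(null, response, attempt);
      if (attempt < maxAttempts) return tryOnce(); // Step 2: retry
      if (rollback) rollback();                    // Step 3: undo local database changes
      done(new Error('gave up after ' + attempt + ' attempts'), response, attempt);
    }
    method(Object.assign({}, params, { callback: finish }));
  }
  tryOnce();
}

// Constructed stand-in for an SDK method: fails `failures` times, then succeeds.
function makeFlakyMethod(failures) {
  let calls = 0;
  return (params) => {
    calls += 1;
    params.callback(calls <= failures
      ? { errorCode: 1, errorMessage: 'constructed failure' }
      : { errorCode: 0 });
  };
}

// Hypothetical driver: returns what happened so the outcome can be inspected.
function demo(failures) {
  const state = { ok: null, attempts: 0, rolledBack: false };
  callWithRetry(makeFlakyMethod(failures), { siteUID: 'user-123' },
    { timeoutMs: 1000, maxAttempts: 3, rollback: () => { state.rolledBack = true; } },
    (err, _response, attempts) => { state.ok = !err; state.attempts = attempts; });
  return state;
}

console.log(demo(2), demo(3));
```

A call that timed out may still have completed on the server, so the wrapped method should be one that is safe to repeat.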

 

  • When a user logs in through Gigya you should not use the socialize.notifyLogin call because the user is already logged in to Gigya's platform at that point.
  • Please do not call the socialize.notifyRegistration or socialize.setUID API methods after logging in a returning user.
  • In most cases, a user only needs to be authenticated once per session, either with Gigya or with your site's Login system. Therefore, do not display Gigya's Login Plugin for users who have already logged in.

Supported Providers

Working Examples

We offer several Social Login working code examples, from the most simplified to the most comprehensive:

  1. Basic Social Login: for a quick start implementation, please refer to the Basic Social Login working code example.
  2. Social Login Demo: in the Social Login Demo page you may find a working example that implements a simplified version of the algorithm that is described in Integrating Gigya's Social Login.
    The missing parts in the implementation are: the "Link Account" Sub-Flow, the "Missing Required Data" Sub-Flow and the parts that require interaction with your site's server and database.
  3. Comprehensive demo site: The Daily Recipe is a Gigya demo site written in PHP and JavaScript. This demo outlines how to make a web site social using Gigya's platform, and implements the best practice as described in this page. The demo site's code is available for you to download, use and learn about the site implementation. Examine how Gigya's Social Login best practice is implemented within the site.

Guidelines

 
