Single Sign-On

Set up Single Sign-On in a few minutes


Single sign-on allows users to log in to your site using their Lucks account, without requiring any prior configuration on your part.

How single sign-on works

The user clicks the single sign-on button on your site. They are redirected to the Lucks site to log in, then redirected back to your site with an authentication token. Your site validates the token and logs the user in.

Single login button

Below you will find the HTML/JavaScript code to integrate into your web page when asking the user to log in with their Lucks account.

Code
You can customize the button by modifying the following attributes of the <div> tag:

data-return-url
Return URL after single sign-on (must be an absolute URL)

data-size
The size of the button: "small", "medium" or "large".

data-connect-with
You can translate the button into your language with this field.

data-disable
Set to "true" to disable the button.

Example of the button in the three sizes



Return value

If the single sign-on was successful, the user is redirected to your return URL with two POST parameters ("token" and "timestamp") containing the login information. Below is an example of data:

    "timestamp": The connection timestamp
    "token": The authentication token (to be validated with the API)

If the login failed, the user is redirected to your return URL with an "error" POST parameter containing the error code. Below is the list of possible error codes:

List of error codes
  • 1 — User canceled connection

Check authentication token

After receiving the authentication token, you must verify it by calling the verification API. For a given authentication token, the API returns the user information if the token is valid. A token is valid for 30 minutes and can only be used once.

All requests to the API should be sent to the URL below. All parameters must be passed in POST. However, you can pass the parameters in GET instead by adding the GET parameter "mode".

URL
Parameters
  • token — The authentication token
  • timestamp — The connection timestamp
  • domain — The domain name identical to that specified in the return URL (this prevents authentication tokens from other sites from being used)
  • mode — Set to "get" to use GET parameters instead of POST (optional, all POST parameters will be ignored)

Return value

A JSON object containing the "code" and "data" fields:
  • code — The return code of the operation (see below)
  • data — Response data (if relevant)

List of return codes
  • 0 — Everything went well, the token is valid
  • 27 — Authentication token does not exist or has expired
  • 28 — The domain provided does not match that of the return URL
  • 29 — This domain name is not authorized to use the single sign-on API

Response data
If the token is valid, the "data" field contains an object representing the user who has just logged in:
{
    "account": The user's account number,
    "account_raw": The user's raw account number (without the first part or hyphens),
    "name": The user's name (can be empty if the user has not provided their name or if they do not wish to share it),
    "email": The user's email address (can be empty if the user has not provided their email address or if they do not wish to share it),
    "certified": Whether the user is certified
}


Example

Below is an example of a GET request to the API and a possible return JSON:

URL
Response data
{
    "code": 0,
    "data": {
        "account": "LKS0-1234-5678-9123-4567",
        "account_raw": "1234567891234567",
        "name": "Lucky Lucks",
        "email": "lucky.lucks@example.com",
        "certified": false
    }
}
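
A server-side handler for the return URL that performs the verification call described under "Check authentication token", as an added example (not Lucks' own code). VERIFY_URL is a placeholder because the page does not show the API URL; SITE_DOMAIN, SsoError, http_post and verify_login are hypothetical names, and the transport is injectable so the logic can be exercised offline.

```python
import json
import urllib.parse
import urllib.request

# Placeholder: the page does not show the verification URL; substitute the real one.
VERIFY_URL = "https://sso.example.invalid/verify"
# Assumed site setting, fixed server-side; never derive it from the request's Host header.
SITE_DOMAIN = "shop.example.com"

# Return codes as listed on the page.
RETURN_CODES = {
    27: "token does not exist or has expired",
    28: "domain does not match the return URL",
    29: "domain not authorized for the single sign-on API",
}


class SsoError(Exception):
    """Raised whenever the login must be rejected."""


def http_post(url, fields, timeout=10):
    """Send the fields in the POST body so the token stays out of URLs and access logs."""
    body = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=body)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def verify_login(form, post=http_post):
    """Validate the POST parameters received on the return URL; return the user object."""
    if "error" in form:
        raise SsoError(f"login failed, error code {form['error']}")
    token, timestamp = form.get("token"), form.get("timestamp")
    if not token or not timestamp:
        raise SsoError("missing token or timestamp")
    fields = {"token": token, "timestamp": timestamp, "domain": SITE_DOMAIN}
    try:
        reply = json.loads(post(VERIFY_URL, fields))
        code, user = reply["code"], reply.get("data")
    except (OSError, ValueError, KeyError, TypeError, AttributeError) as exc:
        raise SsoError("verification API unreachable or reply malformed") from exc
    if type(code) is not int or code != 0:  # fail closed on anything but integer 0
        reason = RETURN_CODES.get(code) if type(code) is int else None
        raise SsoError(reason or f"unexpected return code {code!r}")
    if not isinstance(user, dict) or not user.get("account"):
        raise SsoError("return code 0 but no account in response")
    # "name" and "email" may be empty, so key the local session on the account number.
    return user
```

Because a token can only be used once, call verify_login exactly once per return and then establish your own session; a second verification of the same token is expected to fail.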