How do I allow my users to sign in automatically into my ad store?
Trafficspaces has a great feature that allows your users to sign in seamlessly into your ad store if they are already signed in on your system.
Furthermore, if they haven't signed in yet, they will be redirected to your website to sign in.
Getting started
First of all, there are three components involved in the single sign-on process.
- YOUR_LOGIN_ENDPOINT - this is the default sign in page on your site. You can set its URL as the value of the loginurl key in your General Preferences JSON configuration.
- YOUR_OAUTH_PROFILE_ENDPOINT - this is a server-side component that needs to be created by your developers. Its function is to
  - generate unique single sign-on tokens per session, and
  - send limited user info to Trafficspaces.
  You can set its URL as the value of the oauthurl key in your General Preferences JSON configuration.
- TRAFFICSPACES_OAUTH_ENDPOINT - this is an existing component that handles authentication on our side and creates new user accounts automatically. Its URL is http://<your_sub_domain>.trafficspaces.com/oauth.jsp
It should be straightforward to extend your system to support single sign-on. To guide you, here are the processes that take place when new and existing users connect to your ad store.
Stage 1
1. User clicks on a link on your site to visit the ad store e.g. http://<your_sub_domain>.trafficspaces.com/store/.
2. Trafficspaces redirects the user to YOUR_LOGIN_ENDPOINT for authentication.
3. If/when the user has been authenticated on your site, redirect the user to TRAFFICSPACES_OAUTH_ENDPOINT?token=xxxxx
   a. The token should be a unique value. It will be required later so store it in the user's server side session state, cookie, or other storage.
   b. You can also pass an optional timestamp value which should contain the time the token was generated as a long integer.
   c. For security reasons, you should make the token parameter expire in 60 seconds. It makes it harder for snooping devices to hijack and reuse the token.
Stage 2
1. Trafficspaces reads the token parameter.
2. Trafficspaces sends an HTTP POST request to YOUR_OAUTH_PROFILE_ENDPOINT
   a. The HTTP POST request will include the token parameter and the optional timestamp parameter.
   b. In addition, any references to {ts.oauth.token} and {ts.oauth.timestamp} in the YOUR_OAUTH_PROFILE_ENDPOINT URL will be replaced with the token and timestamp parameters respectively. This is useful if you want the parameters included in the request path.
3. YOUR_OAUTH_PROFILE_ENDPOINT reads and validates the token parameter.
4. YOUR_OAUTH_PROFILE_ENDPOINT attempts to resolve the user from the token.
   a. If the user is resolved successfully, it sends back the user’s profile data in JSON format. Here is a sample.

      {
        "stat": "ok",
        "profile": {
          "identifier": "http://johndoe.abcwebsiteadvertising.com/",
          "email": "johndoe@gmail.com",
          "role": "ts_advertiser",
          "name": {
            "givenName": "John",
            "familyName": "Doe"
          },
          "providerName": "ABC Website Advertising",
          "displayName": "John Doe",
          "gender": "male",
          "companyName": "Acme Corporation",
          "phoneNumber": "800-535-1234",
          "url": "http://www.acme.com",
          "address": {
            "streetAddress": "542 Simpson Drive",
            "city": "Newcastle",
            "state": "Delaware",
            "postalCode": "19720",
            "country": "United States"
          }
        }
      }

   b. If the user cannot be resolved, it sends a 403 response code.

   The following fields are mandatory - stat, profile.identifier, and profile.email.
5. Trafficspaces reads the identifier key in the JSON data and using a hash function, it generates a user id on our system.
   a. Very important: The identifier must be a static, globally unique value, which must also be sufficient to identify that user in your database. A URL such as the one in the sample which combines the user's unique ID and your domain name should suffice.
6. Using the autogenerated user id in step 5, Trafficspaces checks to see if the user’s account exists.
   a. If the account does not exist, it creates a new user account with the profile information in step 4a. The role key may be set to ts_admin, ts_sales, ts_trafficker, ts_publisher, or ts_advertiser. The default value is ts_advertiser.
   b. If the account already exists, Trafficspaces signs the user in automatically.
That's it. If you have any questions or need assistance with integration, please open a new ticket and we'll be happy to help you out.
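
The token handling that YOUR_OAUTH_PROFILE_ENDPOINT performs in Stage 1 (issuing the token) and Stage 2 (validating it and returning the profile), as an added Python example that is not Trafficspaces code. The function names, the in-memory store, the users mapping and the sso.example.com identifier base are assumptions, and the single-use check goes beyond the 60-second expiry the page asks for.

```python
import json
import secrets
import time

TOKEN_TTL_SECONDS = 60  # token lifetime recommended in Stage 1
ALLOWED_ROLES = {"ts_admin", "ts_sales", "ts_trafficker", "ts_publisher", "ts_advertiser"}
IDENTIFIER_BASE = "https://sso.example.com/users/"  # placeholder domain (assumption)

_pending = {}  # token -> (user_id, issued_at); stand-in for server-side session storage


def issue_token(user_id, now=None):
    """Stage 1: mint an unguessable token for a user who has just authenticated."""
    token = secrets.token_urlsafe(32)
    _pending[token] = (user_id, time.time() if now is None else now)
    return token  # append as ?token=... when redirecting to TRAFFICSPACES_OAUTH_ENDPOINT


def profile_response(token, users, now=None):
    """Stage 2: validate the POSTed token and return (status, body)."""
    now = time.time() if now is None else now
    # pop() makes the token single-use; the page itself only asks for expiry.
    entry = _pending.pop(token, None)
    if entry is None:
        return 403, ""
    user_id, issued_at = entry
    # Age is measured from the server-side issue time, not the optional
    # timestamp parameter, which travels through the user's browser.
    if now - issued_at > TOKEN_TTL_SECONDS:
        return 403, ""
    user = users.get(user_id)
    if user is None:
        return 403, ""
    role = user.get("role")
    profile = {
        "identifier": IDENTIFIER_BASE + user_id,  # static and unique per user
        "email": user["email"],
        "role": role if role in ALLOWED_ROLES else "ts_advertiser",
    }
    return 200, json.dumps({"stat": "ok", "profile": profile})


if __name__ == "__main__":
    users = {"1001": {"email": "jane@example.com", "role": "ts_publisher"}}  # constructed
    token = issue_token("1001")
    print(profile_response(token, users))  # first use succeeds
    print(profile_response(token, users))  # replay is refused with 403
```

Because the role key can grant ts_admin, the example takes it only from the server-side user record and falls back to ts_advertiser for any value outside the documented list.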