Before a user can use the widget, the user has to be registered. This is done transparently (for the user) by the provider:
- The provider logs in the user at MATH 42 with a unique user id. If the user wasn’t already signed in at MATH 42, this will done additionally in the background.
- The provider gets back a time-limited token for further authentication.
- Each time the user accesses the widget on a provider’s page, the token has to be added to the request.
- Your provider-name
- Example: provider=xyz_publisher
- Your provider-secret
- Length: 32
- Example: secret=2g4ncjr74j3jch475hdbs7el4js6cg3f
- RequiredIdentifier (for example hash of email) of your user
- Identifier (for example hash of email) of your user
- Length: 6-30 chars.
- Example: userId=class6_user23
- 200 OK
- Status: 200 OK
Content-Type: text/html; charset=utf-8
- A JSON Web Token (e.g.
whsdf7dni76 ...) which is valid while the test-phase for 1 hour. This will be changed to 6 – 12 hours.
- Recommendation: You should manage the tokens for every user and don’t create a new token for every widget.
- A time-limited token will be given back.