Invoking a third-party user registration application#

In Blitz Identity Provider, you can configure the use of a third-party user registration application. In this case, Blitz Identity Provider will be able to call the user registration application from the login page (when clicking on the link Register) or as a result of the user’s first login through an external identification provider. At the same time, the following features are available:

  • If registration is started as a result of the first login through an external identification provider, then Blitz Identity Provider will transfer the attributes received from the external identification provider to the registration application. The application will be able to use them to pre-fill out the registration form.

  • If the user successfully completes the registration, he will be able to continue the login process. For example, you can provide an automatic login of a registered user to the application in the same way as it happens when using the registration application built into Blitz Identity Provider.

To connect to Blitz Identity Provider a third-party registration application, it is necessary to support the services on the side of the registration web application in accordance with the requirements described in the following sections.

Registration Initiation Service#

A third-party registration application must provide an HTTP POST service to initiate registration.

Note

The address of the service is set in the Blitz Identity Provider settings (see Administration).

The service must accept the following parameters (in the form of JSON):

  • id – the ID of the registration application;

  • entryPoint– information about the login point. The following values are possible:

    • SOCIAL – registration is triggered due to the entry of a new user through an external identification provider;

    • WEB – the user initiated the registration on his own (selected “Register” on the login page).

  • appId is the identifier of the application that the user originally wanted to log in to, as a result of which the registration process started;

  • expires – the expiration time of the registration application. Specified in Unix time, in seconds;

  • source – the source of information about the user (in the case of obtaining information from an external login provider). Contains the ID of the external login provider;

  • a list of attributes obtained from an external identification provider. Attributes are passed from the account binding settings of the corresponding external identity provider.

  • hints – hints passed to the login form call. For example, the user’s login can be passed here, if the user initiated self-registration from the login form, which in turn was opened with the login_hint parameter;

  • lang – the current language of the user interface on the login page.

Request example (when the user clicks “Register” on the login page):

POST /reg/url HTTP/1.1
Content-Type: application/json

{
   "id":"6DXDHyyiZ2hByUN-sCRUEdvAoQun7WwQ",
   "entryPoint":"WEB",
   "appId":"portal",
   "expires":1608129702,
   "hints": {},
   "attrs": {},
   "lang": "ru"
}

In response, the registration initiation service must return either an HTTP response to be executed in the user’s browser (for example, the HTML code of the page or initiate redirection of the user in the browser to the registration page), or an error message.

Response example:

HTTP/1.1 302 Found
Location: https://www.company.ru/register/

As a result, the user will be redirected from Blitz Identity Provider to a third-party registration application.

Registration completion service#

When the user in the third-party registration application has entered all the data necessary for account registration, the third-party registration application should call the Blitz Identity Provider service to complete the registration of the user account. The service is called by the POST method at https://login.company.com/blitz/reg/api/v1/users/{id}, where the ID of the registration request previously received from Blitz Identity Provider is passed as the id in the URL of the service.

The following header should be added to the request, where secret is assigned to the application when registering in Blitz Identity Provider client_id:rest_secret in Base64 format:

Authorization: Basic <secret>

Attention

The list of attributes is provided as a sample. The contents of the list must be adjusted depending on the specific settings made during the implementation of Blitz Identity Provider. See Administration.

The request body must contain the attributes of the account being registered:

  • first_name is a surname;

  • name is the name;

  • middle_name is a middle name;

  • phone_number is a mobile phone number in the form of a composite object with attributes:

    • value is a phone number in the format (country code)XXXXXXXXXX;

    • verified – indicates that the phone has been verified – true or false;

  • email – an email address in the form of a composite object with attributes:

    • value – email address;

    • verified – indicates that the address has been verified – true or false;

  • password is the password for the user account being created (must match the configured password policy).

Request example (registration with confirmed email and phone number):

POST /blitz/reg/api/v1/users/6DXDHyyiZ2hByUN-sCRUEdvAoQun7WwQ HTTP/1.1
Authorization: Basic YXBwX2lkOmFwcF9zZWNyZXQ=
Content-Type: application/json

{
    "first_name":"Иванов",
    "name":"Иван",
    "middle_name":"Иванович",
    "phone_number": {
        "value": "79991234567",
        "verified": true
    },
    "email": {
        "value":"mail@example.com",
        "verified": true
    },
    "password":"QWErty$123"
}

In response, Blitz Identity Provider, if registration is successful, will return JSON with the following data:

  • subject is the ID of the registered user;

  • origin is the link to which the user’s browser should be directed;

  • cookies are cookies that need to be set when redirecting the user’s browser to a shared c Blitz Identity Provider domain;

  • instanceId, instructions – other process information that should be ignored.

Response example:

{
   "instanceId": "amRiY2lkcG9zdGdyZXM6YzhjMGExYzEtYzdmYS00ZDg3LWFiYmMtZTNiYzg1YTk4",
   "subject":"5cffd68f-2cb8-4f7a-b0f3-9fa69a1fbbcd",
   "context":"6DXDHyyiZ2hByUN-sCRUEdvAoQun7WwQ",
   "cookies": [{
      "name": "css",
      "value": "TSQA-AruOjUNphGZ984eLgzT_ROebNiBsjyjEg4n-nL-PdsiXqq"
    }],
    "origin": "/blitz/profile?",
    "instructions": []
}

After redirecting the user’s browser registration by a third-party application using the link specified in origin and with the specified Blitz Identity Provider cookies will create a session and ensure that the user logs into the application for which the user has registered an account.