#User authentication flow

As described briefly in the introduction, the most common server integration is the synchronized login flow between Subscribe and your site. It is also the hardest to achieve as it requires user data to be synchronized between both parties.

There are a bunch of synchronized authentication methods currently existing and in use around the web, among the most famous: Single Sign-Ons (like Facebook or Google using OAuth2 or OpenID), LDAP (mostly used internally by big corporations) and SAML (Security Assertion Markup Language). The later uses XML and requires an common entity to store and manage user data.

As we, at Poool, value your privacy and the one of your users, we created a new authentication method called JSAT (JSON Security Assertion Token). The name is derived from SAML and it actually achieves quite the same goal but in a different manner: it replaces XML with JSON (thank goodness) and removes the need for a third-party to hold the data.
In order to achieve this with a seemless experience for your users, JSAT requires a double-redirect authentication flow.

But wait... The most magical part is that it works both ways: it ensures a perfectly seemless experience whether the user signs-in from your website OR from Subscribe ✨

#Working principle

The flow seems hard to understand but basically sums up to two cases: a signin action from your website, or one from Subscribe.

Either way, the flow is the same:
  1. 1️⃣ Provider 1 (for example, your website) checks that the user exists internally
  2. 2️⃣ If it exists, it creates typical auth cookies, and create what we called an "auth callback".
  3. 3️⃣ Using the URL provided by the auth callback, it redirects the user to Provider 2's website (for example, Subscribe).
  4. 4️⃣ Provider 2 then tries to authenticate the user using the callback ID and the provided information
  5. 5️⃣ When authenticated, Provider 2 redirects the user to the redirect URL provided inside the previously created auth callback

And BAM 🎉 User is authenticated on both sides.

You will find an extensive guide on how to achieve this easily with examples in your favorite languages in our guides section soon.