Once the end user successfully goes through the Pinn authentication process on their mobile device, what remains is for Pinn to communicate the result of that process to your web backend. This is done through a cryptographically signed ID Token that Pinn creates and your backend verifies. This section explains how your backend can perform this verification.
The Web SDK sends this ID Token to your backend through a hidden HTTP form submitted via the POST method. In your backend code (in whichever programming language you already use), create an endpoint to verify the ID Token and, just as your backend did for simple password authentication, redirect the user to the appropriate next page.
Your backend POST handler should:
- Receive the HTTP POST form data and extract the
- Verify the ID Token. See ID Tokens for more information on how to implement ID Token verification.
- Extract the Pinn User ID from the ID Token.
- Use the Pinn User ID to look up the actual user object from your app's data store. (You must already be maintaining a mapping between Pinn User ID and your user objects for each user enrolled with Pinn.)
- If successful so far, update the user session information to reflect a status of "logged in", as you normally would for a password-only login flow.
- Redirect the user's web browser as appropriate to, for example, an account details page.
Here is an example route handler, in this case written in Python for a Flask app:
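```python
from flask import abort, redirect, request, url_for
from flask_login import login_user

# app, pinn, User and next_url are defined elsewhere in your application.


@app.route('/login', methods=['POST'])
def id_token_login():
    if 'id_token' not in request.form:
        abort(400)

    # Verify the ID Token
    id_token = request.form['id_token']
    try:
        # The amr value is left unspecified here
        claims = pinn.IDToken.verify(id_token, amr=...)
    except Exception:
        # Handle error: reject the request so an unverified token never logs anyone in
        abort(401)

    # Query the user with the Pinn User ID
    user = User.query.filter_by(pinn_user_id=claims['sub']).first()
    if user is None:
        abort(404)

    # Log the user in
    login_user(user, remember=True)
    return redirect(next_url or url_for('.index'))
```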
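The handler ends with `redirect(next_url or url_for('.index'))` but does not show where `next_url` comes from. If it is taken from the request (an assumption, for example a `next` query or form parameter), restrict it to a local path before redirecting. The following is an added example, not code from Pinn; `safe_next_path` is a hypothetical helper name and the sample values are constructed.

```python
from urllib.parse import urlsplit


def safe_next_path(target, default="/"):
    """Return target only if it is a path on this site, otherwise default.

    Accepts values such as "/account/details?tab=1". Rejects absolute URLs,
    scheme-relative URLs ("//host"), and inputs that browsers normalise into
    one of those (backslashes, control characters, leading whitespace).
    """
    if not target or not isinstance(target, str):
        return default
    # Must be an absolute path; "//host/..." is a scheme-relative URL.
    if not target.startswith("/") or target.startswith("//"):
        return default
    # Browsers treat "\" as "/" and strip tabs and newlines inside URLs,
    # so "/\host" or "/<TAB>/host" can turn into "//host".
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return default
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return default
    return target


# Constructed sample inputs and the path the handler would redirect to.
SAMPLES = [
    "/account/details?tab=1",
    "https://other.example/login",
    "//other.example/login",
    "/\\other.example/login",
    "/\t/other.example/login",
    "javascript:alert(1)",
    "",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value), "->", safe_next_path(value, default="/index"))
```

In the handler this would be used as `redirect(safe_next_path(next_url, url_for('.index')))`.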
Continue on to advanced topics for further customization.
We are here to help! Contact us with any development-related questions at firstname.lastname@example.org and we'll get back to you in a timely manner.