
OAuth

We support the use of other OAuth servers, in case you already have your own authentication in place.

Requirements

  • You have your OAuth server set up
  • The OAuth server authenticates the user onto the same domain as the website on which BidJS is located
  • The Authentication token is published as either a cookie or localStorage item onto the client browser
  • If using a cookie, the cookie domain and path should allow access on the domain on which BidJS is located
  • The OAuth server has an endpoint to return a user based on the token (commonly referred to as a /user endpoint)
Warning

If you're using a cookie for the authentication token, the cookie must not be marked httpOnly, so that it is accessible to the BidJS JavaScript. A cookie without httpOnly can be read by every script running on the page, not only BidJS.

User endpoint requirements

The user endpoint should return the following information, so that your users don't need to supply it when logging in:

  • Email address
  • Forename
  • Surname
  • Address Line 1
  • City
  • Postcode
  • Country
  • Tel (Daytime)

Additionally, we accept the following information, which will be inserted into the user account if supplied:

  • username
  • externalRef
  • Company Name
  • Address Line 2
  • County

We also accept the following Boolean for user outbid email configuration:

  • outbidEmailsOk

If the property is set to ‘true’, outbid notification emails will be sent to the user. If the property is set to ‘false’, outbid notification emails will not be sent to the user. Lastly, if the property is an empty string or is omitted, the web application's outbid emails configuration is used instead.
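
A pre-flight check you can run against an example response from your user endpoint before sending it to support, covering the required fields and the three outbidEmailsOk cases described above. This is an added example, not BidJS code: the JSON key names for the required fields and the acceptance of the strings 'true'/'false' alongside Booleans are assumptions, so substitute the names and types your own endpoint returns.

```javascript
// Added example, not BidJS code. The JSON key names on the right are
// assumptions: substitute the names your own /user endpoint returns.
const REQUIRED_FIELDS = {
  'Email address': 'email',
  'Forename': 'forename',
  'Surname': 'surname',
  'Address Line 1': 'addressLine1',
  'City': 'city',
  'Postcode': 'postcode',
  'Country': 'country',
  'Tel (Daytime)': 'telDaytime',
};

// Labels of required fields that are absent or blank in the response.
function missingRequired(user, fields = REQUIRED_FIELDS) {
  return Object.entries(fields)
    .filter(([, key]) => typeof user[key] !== 'string' || user[key].trim() === '')
    .map(([label]) => label);
}

// Interprets outbidEmailsOk as the page describes: true sends outbid emails,
// false suppresses them, empty string or omitted uses the site configuration.
// Accepting the strings 'true'/'false' as well as Booleans is an assumption.
function outbidEmailSetting(user) {
  const value = user.outbidEmailsOk;
  if (value === undefined || value === '') return 'site-default';
  if (value === true || value === 'true') return 'send';
  if (value === false || value === 'false') return 'suppress';
  return 'invalid'; // e.g. null, a number, or any other string
}

function checkUserResponse(user) {
  return { missing: missingRequired(user), outbidEmails: outbidEmailSetting(user) };
}

// Constructed sample response (not real data): blank postcode, no telephone.
const sample = {
  email: 'bidder@example.com', forename: 'Ada', surname: 'Example',
  addressLine1: '1 Example Street', city: 'Exampleton', postcode: '',
  country: 'GB', outbidEmailsOk: false,
};
console.log(checkUserResponse(sample));
```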

Setup

  1. Contact support@bidlogix.net, supplying us with the URL, HTTP Method (e.g. GET / POST) and an example response for your user endpoint. We will then update this on your account.
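  2. Add the OAuth options to your BidJS configuration, as below:

  window.bidjs = {
    config: {
      // ... your existing config
    },
    modules: {
      // ... your existing modules
    },
    options: {
      oAuth: {
        // true: token is a localStorage item; false: token is a cookie
        isTokenLocalStorage: true,
        loginUrl: 'https://www.yourdomain.com?redirect_to=<<REDIRECT>>',
        logoutUrl: 'https://www.yourdomain.com/logout',
        // name of the cookie or localStorage item holding the token
        tokenName: 'yourAuthTokenName'
      }
    }
  }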

If isTokenLocalStorage is false, then we assume your OAuth credentials are stored as a cookie.

The tokenName is either the name of the cookie, or the localStorage item.