Implement login persistence (SSO)
Login persistence (SSO) is a feature that lets users stay logged in, without another web login, when they move to other websites within the same project that require web login, such as communities or web stores.
Note
- Login persistence (SSO) must be implemented by the developer, using the response of the Login Verification and User Information Retrieval API provided by Hive web login.
- The login persistence (SSO) process must run only after the Login Verification and User Information Retrieval API has been requested and login verification has succeeded.
Conditions for login persistence (SSO)
To implement the login persistence (SSO) feature, all of the following conditions must be met.
- Login verification successful
- Users logged in within the same project
- Users with a generated PlayerID
Implementing login persistence (SSO)
The login persistence (SSO) feature can be implemented in the following order.
- If verification through the Login Verification and User Information Retrieval API succeeds, the JWT (user_info.access_token) value from the response is passed to the other website within the same project that requires web login.
- The receiving site uses the Public Key to verify the Signature of the JWT and checks the expiration time. The logic for Signature verification and time checking must be implemented directly by the developers of the receiving site.
- The Public Key can be checked by searching for the corresponding project in the Hive console App Center > Security Key Settings.
- If the login verification is successful, the user_id (PlayerID) in the access token (JWT) Payload is checked to proceed with SSO login processing.
For SSO login processing to be successful, all of the following conditions must be met.
- Successful JWT Signature verification
- JWT is not expired
- The user_id (PlayerID) included in the JWT Payload matches the PlayerID stored by the developer
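The three checks above, as a receiving site might implement them in Node.js. This is an added example, not code from Hive: it assumes the token is signed with RS256 and carries a standard `exp` claim in seconds, neither of which this page specifies, and `verifySsoToken` and `makeToken` are hypothetical names. The key pair and tokens are constructed in place of the console Public Key and user_info.access_token.

```javascript
// Added example, not Hive's code. Assumptions: RS256 signature and a standard
// `exp` claim in seconds (the page names neither); key and token are constructed.
const { createVerify, createSign, generateKeyPairSync } = require('crypto');

const decodePart = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Returns { ok: true, playerId } or { ok: false, reason }.
function verifySsoToken(token, publicKeyPem, storedPlayerId, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, p, sig] = parts;
  let header, payload;
  try { header = decodePart(h); payload = decodePart(p); } catch { header = null; }
  if (!header || !payload) return { ok: false, reason: 'malformed' };
  // Pin the algorithm; never let the token header select it (e.g. "none").
  if (header.alg !== 'RS256') return { ok: false, reason: 'unexpected alg' };
  // 1. Signature covers the exact "header.payload" text as received.
  const verifier = createVerify('RSA-SHA256').update(`${h}.${p}`);
  if (!verifier.verify(publicKeyPem, Buffer.from(sig, 'base64url')))
    return { ok: false, reason: 'bad signature' };
  // 2. Expiry: a missing or non-numeric exp counts as expired.
  if (typeof payload.exp !== 'number' || payload.exp <= nowSec)
    return { ok: false, reason: 'expired' };
  // 3. user_id (PlayerID) must equal the PlayerID this site stored; compared as
  //    strings because the page does not say whether it is numeric.
  if (payload.user_id == null || String(payload.user_id) !== String(storedPlayerId))
    return { ok: false, reason: 'player mismatch' };
  return { ok: true, playerId: payload.user_id };
}

// Constructed material: a throwaway key pair and signer stand in for the Hive
// console public key and for user_info.access_token.
const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
const PUBLIC_PEM = publicKey.export({ type: 'spki', format: 'pem' });
function makeToken(payload, alg = 'RS256') {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const input = `${enc({ alg, typ: 'JWT' })}.${enc(payload)}`;
  const sig = createSign('RSA-SHA256').update(input).sign(privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

const demoNow = Math.floor(Date.now() / 1000);
console.log(verifySsoToken(makeToken({ user_id: 1234567, exp: demoNow + 300 }), PUBLIC_PEM, 1234567));
console.log(verifySsoToken(makeToken({ user_id: 1234567, exp: demoNow - 1 }), PUBLIC_PEM, 1234567));
```

The order matters: the payload's `exp` and `user_id` are read only after the signature has verified, so an unsigned or altered payload never influences the login decision.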