Integrate SuperAuth, no username and no password login, in your websites and apps within 60 seconds.

Before you begin

Create WebApps for your website or app and get client id and client secret key.


Add a SuperAuth Sign-In button

The easiest way to add a SuperAuth Sign-In button to your site is to use a contextual sign-in button. With only a few lines of code, you can add a button that automatically configures itself to have the appropriate text, logo, and colors for the sign-in state of the user and the scopes you request.

To create a contextual SuperAuth Sign-In button, add a div element with the class s-signin to your sign-in page. You can also add your own css class in the div tag along with s-signin.

<html>
<head>
<meta name="superauth-signin-client-id" content="YOUR_CLIENT_ID" />
<script src='//cdn.superauth.com/jscript/platform.js' async defer></script> <!--SuperAuth library-->
</head>
<body>
<div class="s-signin" btn-text="optional" pop="true/false"></div>
<input type="hidden" id="s-state" value ="AZaz09_NoSpecialCharString" />
</html>
btn-text Button text
pop Popup the SuperAuth login page
s-state A string value created by your web app to maintain state between the request and callback. This parameter should be used for preventing Cross-site Request Forgery and will be passed back to you.
You can also simply link with SuperAuth login page using https://superauth.com/YOUR_CLIENT_ID?state=AZaz09_NoSpecialCharString


Get token after authentication

After user authenticated by SuperAuth, user redirects to your return url, as you specified during webapps registration, along with token in the query string.

http(s)://YOUR_RETURN_URL?token=<auth_token_id>&state=<send_by_you>

Get authenticated user information


To get authenticated user information such as verified user's email address, you’ll make a request to the /v1/getuserinfo endpoint. User token will expire in one minute or after first request.

Method URL

https://superauth.com/v1/getuserinfo

Parameters

token_type String "check_token" - hard coded value
token String Token received from SuperAuth during authentication
client_id String Get client_id from SuperAuth Dashboard
token_value String Calculate Sha256Hash(Concatenate[token,client_id,client_secret]). Get client_secret from SuperAuth Dashboard
method Get / Post

Get:
https://superauth.com/v1/getuserinfo?token_type=check_token&token=<user_token_got_from_SuperAuth>&client_id=<your_client_id>&token_value=<Sha256Hash(Concatenate[token,client_id,client_secret])>

Example:
https://superauth.com/v1/getuserinfo?token_type=check_token&token=xxxxxx&client_id=xxxxx&token_value=xxxxxxxx

Success Response

{
"user":{

"email":"johndoe@xyz.com",
"fname":"john",
"lname":"doe",
"age":"21+",
"on":"20151230T184312Z",
"token_value":"a1ca9a1837b745089c10059068610e43060620162231"

}
}

Error Response

{
"message":"No Data"
}
email String Verified user's email
fname String first name
lname String last name
age String age group. 0 - 12, 13 - 17, 18 - 20 or 21+
on Date Authenticated on UTC
token_value String Calculate Sha256Hash(Concatenate[token,client_id,client_secret,email]).
message String Error message

PHP code to get user info

Once you get the token from SuperAuth, call the SuperAuth web service to get user information. Use below PHP code to get user information.

$tokenval = hash('sha256', $token.$clientId.$clientSecret); //calulate token_value
$url = "https://superauth.com/v1/getuserinfo?token_type=check_token&token={$token}&client_id={$clientId}&token_value={$tokenval}";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, '3');
$resp = trim(curl_exec($ch));
curl_close($ch);
if(!empty($resp)) { $respArr = json_decode($resp,true); if(isset($respArr['user'])) { $user_email = $respArr['user']['email']; $first_name = $respArr['user']['fname']; $last_name = $respArr['user']['lname']; $user_age = $respArr['user']['age']; $rettokenval = $respArr['user']['token_value']; //validate return token_value if ($rettokenval == hash('sha256', $token.$clientId.$clientSecret.$user_email)) { //good to proceed } }
/*if email already exists in your user db, then authenticate that user.
If not, then create a new user with above information and authenticate the user.*/

C# code to get user info

Once you get the token from SuperAuth, call the SuperAuth web service to get user information. Use below C# code to get user information. Install Newtonsoft for parsing return json value.

    /*using Newtonsoft.Json.Linq;*/
    string strmsg;
    string ClientId = "YOUR_CLIENT_ID";
    string ClientSecret = "YOUR_CLIENT_SECRET_KEY";

    tokenval = SHA256HASHToken(Request.QueryString["token"] + ClientId + ClientSecret);
    tokenval = tokenval.ToLower();

    var httpWebRequest = (HttpWebRequest)WebRequest.Create("https://superauth.com/v1/getuserinfo");
    httpWebRequest.ContentType = "application/json; charset=utf-8";
    httpWebRequest.Method = "POST";
    using (var streamWriter = new StreamWriter(httpWebRequest.GetRequestStream()))
    {
        string json = "{\"token_type\":\"check_token\",\"client_id\": \"" + ClientId + "\",\"token_value\": \"" + tokenval + "\", \"token\": \"" + Request.QueryString["token"] + "\"}";
        streamWriter.Write(json);
        streamWriter.Flush();
    }
    var httpResponse = (HttpWebResponse)httpWebRequest.GetResponse();
    using (var streamReader = new StreamReader(httpResponse.GetResponseStream()))
    {
        var result = streamReader.ReadToEnd();
        JToken jobj = JObject.Parse(result);
        string message = (string)jobj.SelectToken("message");
        JObject user = (JObject)jobj.SelectToken("user");
        if (user != null)
        {
            string email = (string)user.SelectToken("email");
            string fname = (string)user.SelectToken("fname");
            string lname = (string)user.SelectToken("lname");
            string age = (string)user.SelectToken("age");
            string rettokenval = (string)user.SelectToken("token_value");
            //validate returned token_vlaue
            if (SHA256HASHToken(Request.QueryString["token"] + ClientId + ClientSecret + email.ToLower()) == rettokenval)
            {
                //good to proceed
            }
            else
            {
                strmsg = "Not Authorized. Token is invalid. Try again.";
            }
        }
        else if (!string.IsNullOrEmpty(message))
        {
            strmsg = message + ". May be exceeded time limit. Try again.";
        }
        else
        {
            strmsg = "Not Authorized. Either exceed time limit or No data found. Try again.";
        }
    }    

    /*if email already exists in your user db, then authenticate that user. 
        If not, then create a new user with above information and authenticate the user.*/
                            

C# SHA256 Hash calulation below.

        /*using System.Security.Cryptography;*/
        public static string SHA256HASHToken( string keyString)
        {            
            try
            {
                // Create a SHA256   
                using (SHA256 sha256Hash = SHA256.Create())
                {
                    // ComputeHash - returns byte array  
                    byte[] bytes = sha256Hash.ComputeHash(Encoding.UTF8.GetBytes(keyString));
                    // Convert byte array to a string   
                    StringBuilder builder = new StringBuilder();
                    for (int i = 0; i < bytes.Length; i++)
                    {
                        builder.Append(bytes[i].ToString("x2"));
                    }
                    return builder.ToString().ToLower();
                }
            }
            catch (Exception e)
            {
                return string.Empty;
            }
        }