
Connecting OAuth2 (OIDC) With Pre-Integrated Payment Provider

Introduction

Applicaster supports OAuth2 (and OpenID Connect) for Native Apps and the Device Authorization Grant (following https://www.rfc-editor.org/rfc/rfc8252 and https://www.rfc-editor.org/rfc/rfc8628).

Any OAuth2 authorization server that follows the protocol can be integrated with our apps through configuration. Applicaster is also pre-integrated with different subscription and payment platforms such as Cleeng, InPlayer and CTS Payments.

Following this guide, you will be able to connect your OAuth2 provider with the pre-integrated payments provider (Cleeng, InPlayer, CTS).

The Flow

  1. User navigates to the sign-in page in the app.
  2. App presents the OAuth screen.
  3. User authenticates against the Authorization Provider.
  4. Authorization Provider authenticates against the Payment Provider.
  5. Authorization Provider responds to the app with the Access Token and Refresh Token, and includes the Payment Provider's Access Token.
  6. Apps use the Payment Provider's tokens to fetch products, entitlements and notify for payment (when using In-App purchases).

Integration

To support this flow, the Authorization Server must interact with the payment provider and pack the payment provider's data into the token response. The app then unpacks this data and uses it to interact directly with the Payment Provider to fetch products, check entitlements and notify for payment (when using In-App purchases).

info

The payment provider token must be valid and "refreshed". We recommend refreshing the payment provider token on each "refresh" request.

Mobile

On mobile, the payment provider data should be packed as a claim inside the JWT token response. Below is an example of a valid JWT access_token:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCI8cGF5bWVudF9wcm92aWRlcj5fdG9rZW4iOiJ0b2tlbiIsInVzZXJuYW1lIjoiZW1haWwifQ.Gi944Ca3EDqhSTVZIhSR676_iBrl7DuDXcwpkpcY1WQ

The decoded token is:

{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022,
  "<payment_provider>_token": "token",
  "username": "email"
}

Notice the payment provider token (and make sure you replace <payment_provider> with cleeng/inplayer/mpx).

TV

On TV apps, which follow the Device Authorization Grant flow, the payment provider data should be packed as part of the token response. For example:

Token Response

{
  "access_token": "<access token>",
  "expires_in": 3600,
  "refresh_token": "<refresh token>",
  "extensions": {
    "storage_keys": {
      "<payment_provider>": {
        "token": "<token>"
      }
    }
  }
}

Notice the payment provider token (and make sure you replace <payment_provider> with cleeng/inplayer/mpx).

info

Any additional parameters can be packed inside the response, for example payment_provider_account_id or payment_provider_username.
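To check that an authorization server packs the data where the Mobile and TV sections above expect it, the following Node.js sketch unpacks the payment provider token from either response shape. It is an added example, not Applicaster's client code: the function names and sample values are hypothetical, and the mobile path only reads the JWT claims without verifying the signature.

```javascript
// Added example, not Applicaster code; all function names are hypothetical.
const PROVIDERS = ['cleeng', 'inplayer', 'mpx']; // provider names listed on this page

// Read the claims of a compact JWT. This does NOT verify the signature.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  if (claims === null || typeof claims !== 'object' || Array.isArray(claims)) {
    throw new Error('JWT payload is not a JSON object');
  }
  return claims;
}

const nonEmpty = (v) => typeof v === 'string' && v !== '';

// Returns { provider, token } or null when no payment provider data is packed.
function extractPaymentProviderToken(tokenResponse) {
  // TV shape: extensions.storage_keys.<payment_provider>.token
  const storage = tokenResponse?.extensions?.storage_keys ?? {};
  for (const provider of PROVIDERS) {
    const token = storage[provider]?.token;
    if (nonEmpty(token)) return { provider, token };
  }
  // Mobile shape: "<payment_provider>_token" claim inside the JWT access_token
  let claims;
  try {
    claims = decodeJwtPayload(tokenResponse?.access_token);
  } catch {
    return null; // opaque or malformed access_token
  }
  for (const provider of PROVIDERS) {
    const token = claims[`${provider}_token`];
    if (nonEmpty(token)) return { provider, token };
  }
  return null;
}

// Constructed sample inputs (not real tokens).
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const SAMPLE_MOBILE = {
  access_token: [b64url({ alg: 'HS256', typ: 'JWT' }),
    b64url({ sub: '1234567890', cleeng_token: 'constructed-cleeng-token' }),
    'constructed-signature'].join('.'),
};
const SAMPLE_TV = {
  access_token: 'opaque-access-token', expires_in: 3600, refresh_token: 'opaque-refresh-token',
  extensions: { storage_keys: { inplayer: { token: 'constructed-inplayer-token' } } },
};
```

A `null` result for a response your server produced means the claim or `storage_keys` entry is missing, empty, or still uses the literal `<payment_provider>` placeholder.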