Login hint support

Login hints elevate customer experiences by streamlining various aspects of the authentication and registration journeys. They enable seamless sign-in and registration for users by providing contextual information to Strivacity. Whether optimizing the sign-in flow for redirected users, simplifying the registration journey for new customers, or expediting the onboarding process for invited users, login hints allow you to deliver frictionless brand interactions.

📘

Strivacity also supports SAML-based login hints.

OIDC hint

User identification login hint

You can streamline the sign-in experience with login hints when users are redirected from your application or website. In this scenario, Strivacity makes the account selection for the user, so users only have to enter their password or continue with MFA.

Once a user enters their credentials, you can pass the login flow a login hint parameter: a JWT (JSON Web Token) containing the user’s identifier. Strivacity’s built-in login hint capability will automatically consume the JWT at redirection.

📘

Strivacity expects the payload of the user identification login hint in the following format:

{
    "type": "identifier",
    "metadata": {
        "username": "natalie.estevez",
        "email": "[email protected]"
    }
}

Registration login hint

Login hints also allow you to streamline the registration process for users. For example, after you’ve collected a user’s email address or other information on your website, you can pass on that information with a login hint parameter when they are redirected to sign up. This way users don’t have to enter the same information multiple times.

📘

Strivacity expects the payload of the user registration login hint in the following format:

{
  "type": "registration",
  "metadata": {
    "attributes": {
      "name": {
        "givenName": "John",
        "middleName": "Hodor",
        "familyName": "Snow",
        "nickName": "Johnny"
      }
    }
  }
}

How to

JWTs are used to deliver the login hint payload from the browser to Strivacity. JWTs are passed from the brand portal to Strivacity via the OIDC authorization endpoint by appending the JWT to the URL query string. Construct the JWT using a tool of your choice and append it to the authentication call URL:

https://yourdomain.strivacity.com/oauth2/auth?login_hint=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0eXBlIjoib3JnYW5pemF0aW9uIiwib3JnYW5pemF0aW9uIjp7InJvdXRlIjoic2Fhc2lpIn19.

The header and payload part of the encoded JWT string should appear as follows.

📘

Login hint encoded in a JWT token

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0eXBlIjoib3JnYW5pemF0aW9uIiwib3JnYW5pemF0aW9uIjp7InJvdXRlIjoic2Fhc2lpIn19.

🚧

An important dot

Only the header and payload are needed for the login hint. If you include the signature, the organizational login hint will NOT work. Please make sure to always include the . character at the end of your JWT string right after the payload.
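
The following sketch is an added example, not Strivacity's own code. It builds the unsigned header.payload. string described above and checks that a hint has the empty signature segment before it is appended to the authorization URL. The function names, the pass-through OIDC parameters and the example.com e-mail address are assumptions made for illustration.

```python
import base64
import json
from urllib.parse import urlencode

# Header taken from the page's sample token; no signature is ever attached.
HEADER = {"typ": "JWT", "alg": "HS256"}
# Authorization endpoint as shown on the page; replace with your own domain.
AUTH_ENDPOINT = "https://yourdomain.strivacity.com/oauth2/auth"


def _b64url(obj: dict) -> str:
    """Compact JSON, base64url-encoded, '=' padding stripped (JWT style)."""
    raw = json.dumps(obj, separators=(",", ":")).encode("utf-8")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def build_login_hint(payload: dict) -> str:
    """Return '<header>.<payload>.' with the empty signature segment."""
    return f"{_b64url(HEADER)}.{_b64url(payload)}."


def parse_login_hint(hint: str) -> dict:
    """Decode a hint, rejecting ones with a signature or a missing final dot."""
    parts = hint.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload. (two dots)")
    if parts[2] != "":
        raise ValueError("signature segment must be empty")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def authorization_url(payload: dict, **oidc_params: str) -> str:
    """Append the hint to the auth URL; other OIDC parameters pass through."""
    query = {**oidc_params, "login_hint": build_login_hint(payload)}
    return f"{AUTH_ENDPOINT}?{urlencode(query)}"


# Constructed sample: the page's identifier payload with a placeholder e-mail.
IDENTIFIER_HINT = {
    "type": "identifier",
    "metadata": {"username": "natalie.estevez",
                 "email": "natalie.estevez@example.com"},
}

if __name__ == "__main__":
    print(authorization_url(IDENTIFIER_HINT))
```

Because the hint is only base64url-encoded and carries no signature, its contents are readable by anything that records the URL, and parse_login_hint shows how easily they can be decoded.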

SAML hint

SAML assertion

Strivacity supports SAML-based customization of user authentication. Strivacity as a SAML provider can accept login hints containing user information in the form of Subject.NameID, similar to how the login_hint parameter is used in OIDC.

Your brand portal can include the user’s Subject.NameID in the SAML AuthnRequest sent to Strivacity’s authorization endpoint. Strivacity then consumes the request and authenticates the user by issuing a SAML assertion.

Strivacity expects the SAML AuthnRequest in the following format:

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="12345" Version="2.0" IssueInstant="2024-03-04T12:00:00Z" Destination="https://saml-provider.com/authn">
  <saml:Issuer>https://yourbrandportal.io</saml:Issuer>
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
  <samlp:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">[email protected]</saml:NameID>
  </samlp:Subject>
</samlp:AuthnRequest>