Sign in with Pliro

Allow customers to sign into your website and manage their access to protected content.

Pliro provides an authentication solution that makes it possible to sign customers into your website and grant them access to protected content. The solution is based on OpenID Connect and OAuth 2.0.

Here's an overview of how it works:

  1. When a customer clicks the sign in button on your website, you redirect them to Pliro's sign in-flow.

  2. After completing the flow, they are redirected back to your website with a code you can use to request an ID token and an access token. The ID token contains information about the signed in customer in the form of a JSON Web Token. The access token can be used to retrieve updated information about the customer.

  3. You sign the customer into your website and store the tokens in their session.

  4. When a customer clicks the sign out button on your website, you end their session. If you'd like, you can then redirect them to Pliro to end their Pliro session as well.

  5. When a customer clicks the sign out button on their account page in Pliro, you can optionally receive a notification over HTTP, and end their session on your website.

We also provide an example integration that demonstrates all of these flows.

Prerequisites

To get started you'll need to create an OAuth application in Pliro. This can be done from the Pliro dashboard by navigating to "Settings > OAuth applications > New application". We recommend using Pliro's test environment while building out your integration. If you are working on your local machine you can set your application's Redirect URI to http://localhost:3000/callback or something similar.

After creating an OAuth application, the application's client ID and client secret will be shown. You'll need these credentials to authenticate your requests to Pliro.

Supported application types

Pliro currently only supports OAuth applications that can securely store a client secret, i.e., server-side web apps. In the future, we hope to extend support to client-side web apps (SPAs) as well as mobile and native apps.

Learn how to:

Last updated