Social Login

How to log in to the CoSync REST API using a social account

Sign in to a user account using a social login token. The CoSync Auth system currently supports the Apple ID and Google social login providers. The call takes the token issued by the social login provider together with a provider string that identifies that provider ('apple' or 'google').

On success, the socialLogin function returns a JWT whose claims include

  • aud - audience (the Realm App Id)
  • sub - subject (the user login handle, i.e. the email address)
  • exp - expiry time of the JWT
  • iat - issue time of the JWT
  • metadata fields - metadata for the user

The metadata claims are defined by the application's metadata array of metaDataField objects. Each metaDataField object defines a path and a field name: the root of the path appears as a claim on the JWT, and the fields appear as child properties of that claim.

The JWT is signed with the application private key, which is held by the CoSync Auth service and never leaves it; the client device presents the JWT to MongoDB Realm to log in, and Realm checks the signature against the corresponding public key.

The socialLogin function also returns a signed access token for the logged-in user. This access token contains:

  • handle - user email handle
  • appId - CoSync Auth application id
  • scope - user
  • iat - time at which claim was issued

Social login bypasses any two-factor authentication configured for regular email accounts, so an account reachable through a social provider is only as strong as that provider's own login. The socialLogin call fails if an account for the same email has already been established with the 'email' provider, or if an account with a different social provider already exists for that email; an existing account therefore cannot be taken over by presenting a token for the same address from another provider.

URL
    /api/appuser/socialLogin
Method
    POST
Headers
    app-token: "<App Token>"
Data Parameter
    {
        token: "<social token>",
        provider: "<social provider ('apple' or 'google')>"
    }

Response:

Success:

StatusCode:
    200 (OK)
Contents:
    {
        jwt: "<JWT for logged in user>",
        access-token: "<access token for user>"
    }

Error:

StatusCode:
    400 (BAD REQUEST)
    500 (INTERNAL SERVER ERROR)
Contents:
    {
        code: "<internal error code>",
        message: "<readable error description>"
    }

The internal codes are integers:

  • 400 - invalid app token
  • 401 - app no longer exists
  • 402 - app is suspended
  • 403 - missing parameter
  • 404 - user account is suspended
  • 413 - app is migrated
  • 415 - app does not support Apple login
  • 416 - app does not support Google login
  • 500 - internal server error
  • 600 - invalid login credentials
  • 603 - email does not exist
  • 607 - user name does not exist
  • 608 - account has not been verified
  • 611 - apple account already exists
  • 612 - google account already exists
  • 613 - token is invalid
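The following Python client is added here as a worked example; it is not CoSync's own SDK code and does not appear on the original page. It builds the POST request described above, maps the documented success and error replies (including the internal error codes listed) to a result or an exception, and inspects the aud and exp claims of the returned JWT before the client hands it to MongoDB Realm. BASE_URL, the helper names, and the sample responses are assumptions or constructed fixtures; the path, the app-token header, the body fields, the response fields, and the error codes are the ones documented on this page.

```python
import base64
import json
import time
import urllib.error
import urllib.request

# Assumed placeholder; replace with the CoSync Auth host you actually use.
BASE_URL = "https://example.invalid"
SUPPORTED_PROVIDERS = ("apple", "google")

# Internal error codes as listed in the Error section of this page.
ERROR_CODES = {
    400: "invalid app token", 401: "app no longer exists", 402: "app is suspended",
    403: "missing parameter", 404: "user account is suspended", 413: "app is migrated",
    415: "app does not support Apple login", 416: "app does not support Google login",
    500: "internal server error", 600: "invalid login credentials",
    603: "email does not exist", 607: "user name does not exist",
    608: "account has not been verified", 611: "apple account already exists",
    612: "google account already exists", 613: "token is invalid",
}


class SocialLoginError(Exception):
    """Raised for any non-200 reply; carries the HTTP status and internal code."""
    def __init__(self, http_status, code, message):
        super().__init__(f"HTTP {http_status}, code {code}: {message}")
        self.http_status, self.code, self.message = http_status, code, message


def build_request(app_token, social_token, provider):
    """Return (url, headers, body) for POST /api/appuser/socialLogin."""
    if provider not in SUPPORTED_PROVIDERS:
        raise ValueError(f"unsupported provider {provider!r}; expected one of {SUPPORTED_PROVIDERS}")
    if not social_token:
        raise ValueError("social token must not be empty")
    headers = {"app-token": app_token, "Content-Type": "application/json"}
    body = json.dumps({"token": social_token, "provider": provider}).encode()
    return BASE_URL + "/api/appuser/socialLogin", headers, body


def parse_response(http_status, body_text):
    """Map the endpoint's JSON reply to the two tokens, or raise SocialLoginError."""
    data = json.loads(body_text)
    if http_status == 200:
        if "jwt" not in data or "access-token" not in data:
            raise SocialLoginError(http_status, None, "success reply missing jwt or access-token")
        return {"jwt": data["jwt"], "access_token": data["access-token"]}
    code = data.get("code")
    raise SocialLoginError(http_status, code, data.get("message") or ERROR_CODES.get(code, "unknown error"))


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token):
    """Decode the payload of a compact JWT WITHOUT verifying its signature.
    The client never holds the application key, so it cannot verify the RS signature;
    MongoDB Realm does that when the JWT is presented. Use this only to inspect claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def check_claims(claims, expected_realm_app_id, now=None):
    """Local sanity check on aud and exp before handing the JWT to Realm."""
    now = time.time() if now is None else now
    return claims.get("aud") == expected_realm_app_id and claims.get("exp", 0) > now


def make_unsigned_sample_jwt(claims):
    """Constructed fixture: JWT-shaped string with a fake signature segment.
    Real CoSync JWTs are signed with the application private key."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return enc({"alg": "RS256", "typ": "JWT"}) + "." + enc(claims) + "." + enc({"sig": "fake"})


def social_login(app_token, social_token, provider):
    """Live call over the network; not exercised by the offline checks."""
    url, headers, body = build_request(app_token, social_token, provider)
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_response(resp.status, resp.read().decode())
    except urllib.error.HTTPError as e:
        return parse_response(e.code, e.read().decode())
```

A caller that gets SocialLoginError with code 611 or 612 has hit the account-collision rule above: an account for that email already exists with another provider, and the user must sign in through the provider the account was created with rather than retrying.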