Explaining how login flows work
As an example:
I have a SPiD account and visit Finn.no, I am automatically logged in to SPiD and since I have accepted the terms of Finn before, I automatically get a session on Finn and can access my Finn account.
Users are automagically logged in to SPiD, but not on all services using SPiD. The reasons for that can be:
- Users may not be auto-logged in if they explicitly log out from SPiD OR if they uncheck the "remember me" checkbox when logging into SPiD. This is by design.
When client services uses the redirect login flow and send the user to SPiD for login, we trigger one of these 3 flows:
- If SPiD recognize the user and the user chose to be remembered:
- Auto-login the user
- If SPiD recognize the user and the user chose NOT to be remembered:
- Ask the user to login (if user doesn't have a session)
- If SPiD doesn't recognize the user (SPiD cookie not found):
This is a complete overview of Single Sign On using JS SDK, explaining the complete process between the client service (orange), the JS SDK (white) and the SPiD platform (blue).
Here is a complete overview of how SPiD handles the login/signup process internally using the redirect login flow:
Do you have questions, or just want to contribute some newly gained insight? Want to share an example? Please leave a comment. SPiD reads and responds to every question. Additionally, your experience can help others using SPiD, and it can help us continuously improve our documentation.