Explaining how login flows work
As an example:
I have a Schibsted account and visit Finn.no, I am automatically logged in to Schibsted account and since I have accepted the terms of Finn before, I automatically get a session on Finn and can access my Finn account.
Users are automagically logged in to Schibsted account, but not on all services using Schibsted account. The reasons for that can be:
- Users may not be auto-logged in if they explicitly log out from Schibsted account OR if they uncheck the "remember me" checkbox when logging into Schibsted account. This is by design.
When client services uses the redirect login flow and send the user to Schibsted account for login, we trigger one of these 3 flows:
- If Schibsted account recognize the user and the user chose to be remembered:
- Auto-login the user
- If Schibsted account recognize the user and the user chose NOT to be remembered:
- Ask the user to login (if user doesn't have a session)
- If Schibsted account doesn't recognize the user (Schibsted account cookie not found):
This is a complete overview of Single Sign On using JS SDK, explaining the complete process between the client service (orange), the JS SDK (white) and Schibsted account (blue).
Here is a complete overview of how Schibsted account handles the login/signup process internally using the redirect login flow:
Do you have questions, or just want to contribute some newly gained insight? Want to share an example? Please leave a comment. SPiD reads and responds to every question. Additionally, your experience can help others using SPiD, and it can help us continuously improve our documentation.