I've read through the documentation many times, but I don't think I quite understand how account syncing for SSO is supposed to work.
Here's the theory I'm working with:
- I set up my rails app to use SHA1 encryption
- I set up foxycart to send the user hash and salt with SHA1
- when I receive a transaction data feed, find or create the user account in my app, and set the password hash and salt to the values from the feed
- the user should now be able to sign in to my app using the same password they used on foxy cart
Is that correct? If so, then I must be missing some configuration issue for my app's encryption method that's causing its generated hash not to match the one from foxy cart, but I don't know what that config issue might be.