SSO: Can we implement reverse login flow?

bkvaiude Member
in Help edited January 2014

Here is the scenario:

In the SSO feature, we can configure single sign on url, where we write a script to check whether user is logged in or not and take the appropriate decision on the logged in status.

So in case logged in user it works perfect but for other case I am allowing user to checkout as guest (I want to allow user to cont. as guest)

Now What I need is?

If user successfully logged in on foxycart checkout page, then I need to maintain his logged in status on my site also
Because I am using same encryption method / customer password hash type in my site, so user account is sync with foxycart user account.

On the callback I get password as well as salt and hash type in the response, but I am not able to notify to receipt page or not to my website.

Is the SSO reverse login flow thing possible to implement?

Bhushan V.
  • winston FoxyCart Team
    Hey @bkvaiude

    Have you looked into the shared authentication script we have on our wiki? It's basic code to get started down the path that I believe you are describing.

    Otherwise, our documentation will cover most everything that is possible with SSO:
  • Hi @winston,

    Yes. I have followed that code, but as I mentioned I am not forcing the user to log in on my website,
    I am allowing them to checkout as guest even if they are a registered user!!!

    in case of registered user,
    1) they are not logged in to my website
    2) they continue to checkout page as guest
    3) on the checkout page they log in as a foxycart user
    4) PROBLEM IS HERE on successful checkout, I want them to appear as a logged in user as they are already logged in to their foxycart account

    Note: I am syncing their account details at the time of the foxycart callback, so the user has the same username & password as in foxycart.

    is there way maintain logged in status from foxycart checkout page to my website?
  • fred FoxyCart Team
    edited January 2014
    Hey, @bkvaiude! Glad you've looked over our docs.

    What you'd want to do is:
    1.) Maintain a mapping of customer IDs to your website's user IDs as discussed in the docs.
    2.) When the customer is redirected to your endpoint WITH a valid SSO token (code for checking if the token's valid is in the docs too), then your site would create a logged-in session for the user and then SET a cookie for, e.g., * with the session information.

    That way, when the user returns from the checkout flow, their browser will send the session cookie to your site and they'll already be logged in.

    Update: I just realized that our SSO doesn't work like I was thinking. The current best recommendation is to use the "receipt only" template tags to redirect onto the receipt page.
    <script type="text/javascript">
    window.location.href = "" + FC.customer_id;
    </script>

    Then you'd redirect back to the receipt. The key to securing your "logmein" page is to use our API to check that that customer just placed an order.
  • Thanks for help. @fred

    I have implemented your solution but I think I am getting FC variable or object on receipt page but it doesn't contain customer id.

    Am I doing anything wrong?

    Here is what i am getting in FC variable:

    client : fn..,
    json : object,
    session_id : "5dsfdsf d",
    session_name : "fcsid",
    __proto : Object
  • fc_adam FoxyCart Team
    edited January 2014

    Oops - yeah, that variable doesn't exist. Are you using 1.0 or newer? If so, you can use Twig for that and it would look like this on your template:
    <script type="text/javascript">
    window.location.href = "{{ customer_id }}"
    </script>
  • I am trying to do this in FC 2.0 and have this code in "custom footer" section in the admin configuration:

    {% if first_receipt_display %}
    <script type="text/javascript">
    window.location.href = "{{ customer_id }}"
    </script>
    {% endif %}

    {{ customer_id }} does not output anything

    I tried fc_customer_id instead of customer_id and it output 0 (zero).

    Is this still possible in 2.0? Is there any info I can output to redirect the user straight to my site and know info about their purchase?
  • fc_adam FoxyCart Team

    Unfortunately it looks like the customer_id value was removed from 2.0 - you could instead look at using the transaction ID and/or customer email. I'll create a ticket on our side to see why that value was removed, and look at adding it back in
  • Thanks.

    In FC 2.0 this is working fine now:

    {% if first_receipt_display %}
    <script type="text/javascript">
    window.location.href = ""{{ order_id }}/&billing_email=" + encodeURIComponent('{{ customer_email }}');
    </script>
    {% endif %}

    If using customer_id or fc_customer_id is an option that may be preferred over using the email, but this is great for now.

    Thanks :)
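
The check fred describes for the "logmein" page, applied to the order_id and billing_email redirect in the post above, as an added example that is not part of the original thread or FoxyCart's own code. Both values travel in the URL and can be guessed or replayed, so the endpoint confirms them server-side before creating a session. `lookupOrder` is a hypothetical stand-in for a server-to-server API call, and the 10-minute window and in-memory replay set are assumptions.

```javascript
// Added example: server-side validation for a "logmein" endpoint that is
// reached via a receipt-page redirect carrying order_id and billing_email.

const MAX_AGE_MS = 10 * 60 * 1000; // assumption: only accept orders placed in the last 10 minutes
const usedOrders = new Set();       // assumption: use a shared store when running several workers

// Emails are compared case-insensitively and without surrounding whitespace.
function normaliseEmail(value) {
  return String(value).trim().toLowerCase();
}

// lookupOrder(orderId) is hypothetical: it stands in for an authenticated API
// call made from your server and resolves to { customerEmail, placedAt } or null.
// Returns { ok: true, email } only when a session may be created.
async function verifyLogmein({ orderId, billingEmail }, lookupOrder, now = Date.now()) {
  const id = String(orderId);
  // Reject anything that is not a plain numeric id before it reaches the API.
  if (!/^\d{1,12}$/.test(id)) return { ok: false, reason: 'bad_order_id' };

  const order = await lookupOrder(id);
  if (!order) return { ok: false, reason: 'unknown_order' };

  // The email in the URL must match the one recorded for that order.
  if (normaliseEmail(order.customerEmail) !== normaliseEmail(billingEmail)) {
    return { ok: false, reason: 'email_mismatch' };
  }

  // "Just placed an order": an old receipt link must not log anyone in.
  const age = now - order.placedAt;
  if (age < 0 || age > MAX_AGE_MS) return { ok: false, reason: 'stale' };

  // Single use. Checked and set with no await in between, so two concurrent
  // requests for the same order cannot both succeed in one process.
  if (usedOrders.has(id)) return { ok: false, reason: 'replayed' };
  usedOrders.add(id);

  // Caller creates the session for this account and sets its own cookie.
  return { ok: true, email: order.customerEmail };
}
```

Failed attempts do not consume the order id, so a wrong guess by someone else cannot lock the real customer out of their one-time login.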
  • @fc_adam

    I am getting following 500 error when I do redirect receipt page through the javascript, as you suggested in last message.

    [Tue Nov 25 11:06:20 2014] [error] [client] malformed header from script. Bad header=479314587: php54.cgi, referer:

    I am using the php5.x and linux server on webfaction

    Can you please give some insights on "malformed header from script." issue?

  • fc_adam FoxyCart Team

    Am I correct in assuming that the error you've pasted there is from the script you're redirecting to from the receipt? If so, does it point you to a specific part of your script that you could debug?
  • @fc_adam

    Here is the full information.
    On the receipt page there is redirection to our website on following location URL


    It works smoothly when I enter the url directly into the browser,
    but it does not work when it gets redirected from the foxycart receipt page,
    it gives a 500 error on the redirected page and then it works on refresh.

    So I look into the error log it shows me following lines saying bad header from foxycart server
    [Tue Nov 25 11:06:20 2014] [error] [client] malformed header from script. Bad header=479314587: php54.cgi, referer:
  • fc_adam FoxyCart Team

    Have you confirmed that those placeholders are being replaced correctly in terms of where you're being redirected to? If either of those values remain unchanged, I can see the 500 error displaying when accessing it directly.
  • @fc_adam Yes, it gets replaced when the receipt page is loaded.

    For reference, I have added the whole code here.
    for e.g.
  • fc_adam FoxyCart Team

    Loading that URL results in a 500 error for me. Do you have some sort of firewall or IP restrictions in place to prevent external access to the page?
  • @fc_adam
    thanks for the help.
    It was my mistake.