Guides
Start typing to search…

Delegated Authentication

When your app already has user accounts, the Vipaso Pay SDK offers delegated authentication. This approach allows you to maintain your existing identity management system while still using Vipaso SDK payment features

Overview

Establishing Authentication

The establishAuthentication method facilitates the authentication of users managed by your identity provider. It requires a unique user identifier and a connection handler function that bridges the authentication between Vipaso SDK and your backend system.

// Create a suspend function for the connection handler
private suspend fun connectToYourBackend(jwk: String): String {
    // Send the JWK (JSON Web Key) to a dedicated backend endpoint in your domain
    val response = yourApiClient.authenticate(jwk)
    // Return the output string received from your backend
    return response.token
}

// Establish authentication with Vipaso SDK
try {
    val userIdString = "user-123" // The unique identifier for the user in your system
    vipasoPay.delegatedAuth.establishAuthentication(
        userIdentifier = userIdString,
        connect = { jwk -> 
            // This callback receives a JWK (provided by Vipaso SDK) as input
            // and must return a string you receive from your backend
            connectToYourBackend(jwk)
        }
    )
    // Once this call returns successfully, you can use all the SDK features
} catch (e: Throwable) {
    // Handle authentication errors
    Log.e("DelegatedAuth", "Error establishing authentication: ${e.message}")
}

Logging Out

Logout is synchronous and there is no backend communication involved. The SDK will clean up everything from its database that is connected to the user.

// Logout the current user
vipasoPay.user.logout()

// The login state will update automatically
// You can observe login state changes via user.getUserLoginState()

Observing Authentication State Changes

Important: The SDK will not expose authentication tokens directly to the client side. Instead, it will securely store them internally and emit updates to notify your app about the authentication state changes.

You can observe login state changes using the getUserLoginState flow:

// Collect login state updates in a coroutine scope
lifecycleScope.launch {
    vipasoPay.user.getUserLoginState().collect { loginState ->
        when (loginState) {
            is LoginState.LoggedIn -> {
                // User is authenticated
                // For example, navigate to the main screen or enable Pay features
                Log.d("DelegatedAuth", "Vipaso SDK authenticated successfully")
            }
            is LoginState.NotLoggedIn -> {
                // User is not authenticated
                // For example, show login screen or disable Pay features
                Log.d("DelegatedAuth", "Vipaso SDK is not authenticated")
            }
        }
    }
}

This flow will emit updates whenever the authentication state changes, allowing your application to respond appropriately. It works consistently regardless of whether you're using managed authentication or delegated authentication.

Updated 8 days ago