Skip to content

Features

This document briefly introduces the various mobile app authentication features provided by the BambooCloud IDaaS platform and the flow description of each feature.

Login Features

Username/Password Login

Log in by entering an account and password. (The SDK only provides APIs; the UI is designed by the caller.)

Flow Description:

  1. The caller designs the login page.
  2. Call the SDK and enter the username and password to log in.
  3. A sessionToken is returned.
  4. After obtaining the sessionToken, back-end service development is also required. Click "Verify Token" to learn about back-end service development.
  5. To learn how to integrate login, see Android and iOS.

SMS Login

Log in by entering a mobile number to obtain an SMS verification code. (The SDK only provides APIs; the UI is designed by the caller.)

Flow Description:

  1. The SMS login page is built into the SDK.
  2. The SMS login page is designed by the caller.
  3. Enter the mobile number.
  4. Tap to send the SMS.
  5. The sliding-captcha module pops up for verification.
  6. After verification succeeds, an SMS is automatically sent to the user's mobile phone.
  7. Enter the verification code and tap Login.
  8. A sessionToken is returned upon success.
  9. After obtaining the sessionToken, back-end service development is also required. Click "Verify Token" to learn about back-end service development.
  10. To learn how to integrate login, see Android and iOS.

TIP

The sliding-captcha module is built into the SDK and does not require user attention.

One-Tap Mobile-Number Login

Based on the carrier's mobile data network, this feature uses technologies such as "communication gateway number fetching" and SIM card recognition to accurately identify the user's mobile number and enable password-free login.

Social Login

Social login is usually a rigid demand for users, but the entry requirements of each platform are cumbersome. In addition to connecting to each platform's SDK, you also need to maintain SDK versions and compatibility between platforms.

Regular steps:

  1. Register a platform account.
  2. Apply for an application.
  3. Front-end integration.
  4. Back-end integration.
  5. Service joint debugging.
  6. Troubleshoot errors and compatibility issues.
  7. Track SDK version upgrades and changes of major platforms in the long term.

Using the IDaaS SDK requires only three steps:

  1. Import the IDaaS SDK.
  2. Configure third-party platform parameters.
  3. Call the API.

(The red parts in the figure are completed by the SDK.)

Flow Description (WeChat and Alipay flows are the same):

  1. The social login button on the page is designed by the caller.
  2. Tap WeChat login and call the SDK WeChat login method.
  3. The WeChat authorization page pops up; tap to authorize.
  4. After authorization succeeds, a temporary WeChat authorization code is returned.
  5. The SDK calls the IDaaS server through the authorization code to obtain user information.
  6. If not bound, the SDK pops up a binding page to enter the mobile number and verification code for binding and returns the sessionToken.
  7. Bound users directly return the sessionToken.
  8. After the APP obtains the sessionToken, it needs to pass it to the back end for verification.
  9. To integrate Alipay login, click "Android" or "iOS" to start.
  10. To integrate WeChat login, click "Android" or "iOS" to start.
  11. After obtaining the sessionToken, back-end service development is also required. Click "Verify Token" to learn about back-end service development.

Integration Example (Using WeChat as an Example):

  1. Tap WeChat login.

  2. Unbound state: enter the mobile number to obtain the verification code, and the sliding verification pops up.

  3. Start sliding verification.

  4. After verification succeeds, wait for the SMS verification code:

  5. Enter the verification code and tap Bind.

Verify Token

The APP server needs to verify the sessionToken returned by the SDK and obtain user information.

Flow Description:

  1. After the APP logs in successfully through the IDaaS SDK, it obtains the sessionToken.
  2. The APP passes the obtained sessionToken to the APP back end.
  3. The APP back end first needs to obtain the IDaaS server API access permission.
  4. The API authorization credential returned by the IDaaS server is obtained.
  5. Carry the sessionToken and the authorization credential to exchange for an ssoTicket.
  6. Obtain user information through the authorization credential and ssoTicket.
  7. Return user information (return fields are configurable; see the figure below).

WARNING

Maintain the validity period of the sessionToken.

Next:

Learn about server-side integration APIs.

Session Persistence

How to achieve session persistence after login? Session validity period configuration is provided (please refer to step 3 in Preparation in Getting Started). After logging in successfully, the caller needs to save this user session on the server and record the configured session validity period. You can choose to refresh the session one day or one hour before it expires. In this way, the caller can achieve session persistence.

Flow Description:

  1. After the APP obtains the sessionToken returned by the SDK, the APP server verifies the sessionToken.
  2. After verification succeeds, the APP server saves it and stores the expiration time.
  3. If the sessionToken is found to be about to expire, call the IDaaS API to refresh it.
  4. The latest sessionToken is returned.

Self-Service

Real-Name Authentication

Real-name authentication is a service that verifies and reviews the authenticity of user identity information, providing various real-name information authentication capabilities such as facial recognition, identity information verification, and bank card element verification, to address the industry's large demand for verifying the authenticity of user identity information.

Third-Party Account Management

After a user authorizes a third-party platform account to log in, the system automatically binds and associates it with the main account. If unbinding is required, this module can be used.

Flow Description:

  1. The user taps WeChat or Alipay login in the APP.
  2. Obtain the returned sessionToken.
  3. The APP calls third-party account management by passing the sessionToken.
  4. The SDK requests the back end to obtain the list of third-party accounts already bound to the current account.
  5. The SDK pops up the built-in management page.
  6. The user can view or tap an item to unbind.

Integration Effect (as shown in the figure):

Tap an item to perform the unbinding operation.

UI Customization

The IDaaS SDK supports lightweight customization of some page UIs (as shown in the figure).

BambooCloud IDaaS Open Platform