Basic authentication flow performed within primary application basic-authentication-flow-performed-within-primary-application
The Authentication flow within Adobe Pass Authentication entitlement allows the streaming application to verify that a user has a valid MVPD account. This process requires the user to have an active MVPD account and enter valid login credentials on the MVPD login page.
Authentication flow is required in the following cases:
- When the user opens an application for the first time.
- When the user’s previous authentication has expired.
- When the user logs out from the MVPD account.
- When the user wants to authenticate with a different MVPD.
In all of these cases, the application calling any of the Profiles endpoints receives an empty response or one or more profiles, but for different MVPDs.
The Authentication flow requires a user agent (browser) to complete a series of calls from the application to Adobe Pass backend, then to the MVPD login page, and finally back to the application. This flow may include several redirects to MVPD systems and managing cookies or sessions stored for each domain, which can be challenging to achieve and secure without a user agent.
Based on the primary application (streaming application) capabilities to support user interaction to select an MVPD and to authenticate with the selected MVPD in a user agent, the authentication scenarios are:
Perform authentication within primary application perform-authentication-within-primary-application
Prerequisites prerequisites-perform-authentication-within-primary-application
Before performing authentication through user interaction within a primary application, ensure the following prerequisites are met:
- The streaming application must select an MVPD.
- The streaming application must initiate an authentication session to sign in with the selected MVPD.
- The streaming application must authenticate with the selected MVPD in a user agent.
- The streaming application supports user interaction to select an MVPD.
- The streaming application supports user interaction to authenticate with the selected MVPD in a user agent.
Workflow workflow-perform-authentication-completed-on-primary-application
Follow the given steps to implement the basic authentication flow performed within a primary application as shown in the following diagram.
Perform authentication within primary application
-
Create authentication session: The streaming application gathers all the necessary data to initiate an authentication session by calling the Sessions endpoint.
note important IMPORTANT Refer to the Create authentication session API documentation for details on: - All the required parameters, like
serviceProvider,mvpd,domainName, andredirectUrl - All the required headers, like
Authorization,AP-Device-Identifier - All the optional parameters and headers
The streaming application must provide all the required parameters in a single call when creating the authentication session. - All the required parameters, like
-
Indicate the next action: The Sessions endpoint response contains the necessary data to guide the streaming application regarding the next action.
note important IMPORTANT Refer to the Create authentication session API documentation for details on the information provided in a session response. The Sessions endpoint validates the request data to ensure that basic conditions are met: - The required parameters and headers must be valid.
- The integration between the provided
serviceProviderandmvpdmust be active.
If validation fails, an error response will be generated, providing additional information that adheres to the Enhanced Error Codes documentation. -
Proceed with decisions flows: The Sessions endpoint response contains the following data:
- The
actionNameattribute is set to “authorize”. - The
actionTypeattribute is set to “direct”.
If the Adobe Pass backend identifies a valid profile, the streaming application does not need to re-authenticate with the selected MVPD, as there is already a profile that can be used for subsequent decisions flows.
- The
-
Open URL in user agent: The Sessions endpoint response contains the following data:
- The
urlwhich can be used to initiate the interactive authentication within the MVPD login page. - The
actionNameattribute is set to “authenticate”. - The
actionTypeattribute is set to “interactive”.
If the Adobe Pass backend does not identify a valid profile, the streaming application opens a user agent to load the provided
url, making a request to the Authenticate endpoint. This flow may include several redirects, ultimately leading the user to the MVPD login page and provide valid credentials. - The
-
Complete MVPD authentication: If the authentication flow is successful, the user agent interaction saves a regular profile in the Adobe Pass backend and reaches the provided
redirectUrl. -
Retrieve profile for specific code: The streaming application gathers all the necessary data to retrieve profile information by sending a request to the Profiles endpoint.
note important IMPORTANT Refer to the Retrieve profile for specific code API documentation for details on: - All the required parameters, like
serviceProvider,code - All the required headers, like
Authorization,AP-Device-Identifier - All the optional parameters and headers
note tip TIP Suggestion: The streaming application can wait for the user agent to reach the provided redirectUrlto check if the regular profile was successfully generated and saved. - All the required parameters, like
-
Return information about regular profile: The Profiles endpoint response contains information about the regular profile associated with the received parameters and headers.
note important IMPORTANT Refer to the Retrieve profile for specific code API documentation for details on the information provided in a profile response. The Profiles endpoint validates the request data to ensure that basic conditions are met: - The required parameters and headers must be valid.
If validation fails, an error response will be generated, providing additional information that adheres to the Enhanced Error Codes documentation.