I'm trying to figure out how to handle auto login between mobile and web app using SAP Gigya. We also use Gigya REST API and Gigya SDK for mobile and web.
User story:
- User logged in to a native mobile application
- User clicks on a link
- Opens a secure page in the user's browser
- Somehow, we verify the user, then give or reject access
I found the accounts.auth.login SDK method: https://help.sap.com/docs/SAP_CUSTOMER_DATA_CLOUD/8b8d6fffe113457094a17701f63e3d6a/4131647270b21014bbc5a10ce4041860.html
But I don't have any idea how I can manually generate a one-time accessToken without the out-of-the-box Gigya authorization solution.
It'd be great to hear about your experience and ideas.
It is DEFINITELY doable.
I can't divulge too much here, but our mobile apps do exactly what you described. We pass a JWT and uid token to our back end by way of a header.
That's going to be your key there. Now, whether you want to validate the token or not is up to you; it's all about trust.
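
The header-based hand-off described in the answer above, shown from the back end's side as an added example that is not part of the original posts or any poster's code: a Node.js check that verifies an RS256-signed JWT and confirms the separately sent UID matches the signed `sub` claim. The header names (`Authorization`, `X-UID`), the claim layout (`sub`, `exp`) and the locally generated key pair standing in for the identity provider's signing key are assumptions for illustration.

```javascript
// Added example: back-end validation of a JWT + UID pair sent in request headers.
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Constructed key pair standing in for the identity provider's signing key.
const { publicKey, privateKey } =
  crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Sample-data helper only: mints a token the way the token issuer would.
function signJwt(claims, key = privateKey, alg = 'RS256') {
  const head = b64url(JSON.stringify({ alg, typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.sign('sha256', Buffer.from(`${head}.${body}`), key);
  return `${head}.${body}.${b64url(sig)}`;
}

// headers: lower-cased names, as Node's http module delivers them.
// Returns { ok: true, uid } or { ok: false, reason }.
function verifyRequest(headers, pubKey, now = Math.floor(Date.now() / 1000)) {
  const auth = headers['authorization'] || '';
  const uid = headers['x-uid']; // hypothetical header name
  if (!auth.startsWith('Bearer ') || !uid) return { ok: false, reason: 'missing' };
  const parts = auth.slice(7).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let head, claims;
  try {
    head = JSON.parse(Buffer.from(parts[0], 'base64url'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64url'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  if (!head || !claims) return { ok: false, reason: 'malformed' };
  // Pin the algorithm server-side; never let the token pick it.
  if (head.alg !== 'RS256') return { ok: false, reason: 'alg' };
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const sig = Buffer.from(parts[2], 'base64url');
  if (!crypto.verify('sha256', signed, pubKey, sig)) {
    return { ok: false, reason: 'signature' };
  }
  if (typeof claims.exp !== 'number' || claims.exp <= now) {
    return { ok: false, reason: 'expired' };
  }
  // The UID header is untrusted input; it must equal the signed subject.
  if (claims.sub !== uid) return { ok: false, reason: 'uid-mismatch' };
  return { ok: true, uid: claims.sub };
}
```

For a one-time browser hand-off, the back end would additionally need a short `exp` and a record of tokens already used, which this block does not cover.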