Associate Social Account to User ID Process
Content
- Overview
- Process Flow
- App Settings
- Associate Social Account User Journey
- API Walkthroughs
- Error Codes
- Revision History
Overview
This process defines how an existing, authenticated ULM user links their existing ULM User ID with a social provider of their choice. This Process supports the OIDC standard protocol for authentication and authorization between relying parties.
Note: This process is distinct from the Onboard and Authenticate User with Social Account Process that starts from an anonymous (or unauthenticated) view. However, you can consult that topic's introduction sections for more information about how OIDC and third-party social provider association works in ULM Cloud.
Process Flow
The following tables describe the Social Connection Process functionality at a high level, when the Process is invoked from a social media connection flow.
| Connect User ID to Social Media | ||
|---|---|---|
| Actors | Front-end-user, Client Application, ULM Cloud, Social Provider | |
| Pre-Conditions | The ULM User ID is fully activated with at least one verified email or mobile. | |
| The user is currently authenticated and in their user profile/settings. | ||
| The user has at least one social media account with a supported provider. | ||
| Basic Flow | 1 | The user selects to add a specific social media account to their sign-in options. |
| Notes: - The user selects to add a specific social media account to their sign-in options. - Your application UI does not need to render all options to the user |
||
| 2 | Client UI redirects to the social provider, and the user authenticates into that provider. | |
| Notes: - The Process fails if the social media log-in fails. |
||
| 3 | The social provider navigates the user back to ULM | |
| Notes: - On the backend, the provider sends along an authN access token that grants access to the user data. - ULM makes a separate call to the provider and redeems that token for the user data. - The user data includes the social media provider ID. |
||
| 4 | ULM first searches for any existing User ID currently associated to this particular social media ID. | |
| 5 | If no user is found, the Process prompts the user to confirm that they want to connect their ID to the selected social media provider. | |
| 6 | The user clicks Connect and ULM associates the social media with the User ID. | |
| Post-Conditions | The user's social account is associated to their ULM User ID. | |
| Going forward, the user now has the option to authenticate with that social account. | ||
| Error Messages | Generic authentication error(s). | |
| This social media account is already associated to another ULM User ID. | ||
| The selects social media is not supported. | ||
| Access token error (social provider does not return user information). | ||
App Settings
This Process currently has no relevant app settings to configure the Process behaviour.
Associate Social Account User Journey
This flow diagram illustrates the standard social association user journey using the Associate Social Account to User ID Process.
API Walkthroughs
This section provides guided walkthroughs of the Associate Social Account Process, including demonstrations of the various branching paths the Process can take during its execution.
Associate Social Account to Existing ULM User Scenario
In this flow, an authenticated user associates a trusted third-party social account to their user ID / user profile.
Initial Request
The Process Start API initializes the Process:
| POST /process/start/socialFederation.AssociateSocialMedia.v1.0 |
|---|
<no body>
|
Response
The Process prompts the user to select a social provider, from a list of available options:
| Response Body |
|---|
{
"processId": "13e6b3f4-7939-4fb7-a60f-cb09e852d430",
"processName": "socialFederation.AssociateSocialMedia.v1.0",
"displayMessage": "Please input required information",
"parameters": {
"providerId": "String"
},
"stepName": "ProviderPrompt",
"lastStep": false,
"output": {
"providers": [
"linkedin",
"google",
"facebook",
"apple"
]
}
}
|
Response Parameters
| Parameter | Description | |
|---|---|---|
| processId | Unique identifier for the current instance of this Process. | |
| processName | Full name of the Process, including the category and version number. | |
| stepName | Name of the specific step that the Process is currently on. | |
| lastStep | Boolean that indicates whether or not this was the last step in the Process. | |
| displayMessage | Optional message that the UI can display to the end user. | |
| parameters | Object that specifies the info this Process requires to continue its task. | |
| providerId | The identifier of the social provider requested for social onboarding/authentication. | |
| output | Object that contains data that the client can consume, retain, and use for additional operations. | |
| providers | A list of available social providers supported by ULM Cloud. | |
Next Request: Choose Social Provider
The user selects their desired social provider, and the client passes that info to the Process with the Process Step API:
| PUT /process/step |
|---|
{
"processId": "13e6b3f4-7939-4fb7-a60f-cb09e852d430",
"parameters": {
"providerId": "facebook"
}
}
|
Request Parameters
| Parameter | Description | |
|---|---|---|
| processId | Unique identifier for the current instance of this Process. | |
| parameters | Data object that contains the data request in the previous Process response. | |
| providerId | The identifier of the social provider requested for social onboarding/authentication. | |
Response: Redirect URL to Social Provider
ULM responds with a redirect for the client to follow:
| Response Body |
|---|
{
"processId": "13e6b3f4-7939-4fb7-a60f-cb09e852d430",
"processName": "socialFederation.AssociateSocialMedia.v1.0",
"displayMessage": "Please input required information",
"stepName": "CodePrompt",
"lastStep": false,
"output": {
"requestUrl": "https://www.facebook.com/dialog/oauth?response_type=code&client_id=<redacted>
&state=<redacted>&scope=public_profile%20email&redirect_uri=
https%3A%2F%2Fidp-local.corp.amdocs.com%2Frest%2Fv70%2Fprocess%2Fstep"
}
}
|
Response Parameters
| Parameter | Description | |
|---|---|---|
| processId | Unique identifier for the current instance of this Process. | |
| processName | Full name of the Process, including the category and version number. | |
| stepName | Name of the specific step that the Process is currently on. | |
| lastStep | Boolean that indicates whether or not this was the last step in the Process. | |
| displayMessage | Optional message that the UI can display to the end user. | |
| output | Object that contains data that the client can consume, retain, and use for additional operations. | |
| requestURL | The URL to the social provider which a UI or other implementing client application is expected to redirect to, to complete authentication with the selected social provider. | |
Note: The client can skip this step if the social provider ID is provided in the initial Process Start request URL:
| POST /process/start/socialFederation.SocialMediaAssistedOnboarding.v1.0?providerId=facebook |
|---|
<no body>
|
The Process will then respond with the client redirect URL. This method is useful when social provider badges are displayed on a UI (for users to click and immediately begin association procedure).
Next Step: Redirect to Social Provider
Clients are expected to redirect to the URL provided in the requestUrl parameter. Users are typically asked to authenticate to their social profile, and then grant access for ULM to read basic information (their name, email address, etc). The social provider then redirects back to ULM Cloud with an authorization code, which ULM Cloud independently verifies with the social provider back-end.
| GET /process/step?code=<redacted>&state=<redacted> |
|---|
<no body>
|
Response: Confirm Social Account Details
The Process then asks to confirm that this is the social account they wish to associate to their User ID:
| Response Body |
|---|
{
"processId": "13e6b3f4-7939-4fb7-a60f-cb09e852d430",
"processName": "socialFederation.AssociateSocialMedia.v1.0",
"displayMessage": "Please input required information",
"parameters": {
"confirm": "boolean",
"lastName": "string",
"firstName": "string",
"displayName": "string",
"phone": "string",
"email": "string",
},
"stepName": "ConfirmAssociationPrompt",
"lastStep": false,
"output": {
"providerId": "facebook",
"socialUserInfo": {
"id": "1425242407805720",
"email": "bob@example.com",
"firstName": "Bob",
"lastName": "Jones"
}
}
}
|
Response Parameters
| Parameter | Description | |
|---|---|---|
| processId | Unique identifier for the current instance of this Process. | |
| processName | Full name of the Process, including the category and version number. | |
| stepName | Name of the specific step that the Process is currently on. | |
| lastStep | Boolean that indicates whether or not this was the last step in the Process. | |
| displayMessage | Optional message that the UI can display to the end user. | |
| parameters | Object that specifies the info the Process requires to continue its task. Values maybe be pre-populated with socialUserInfo returned from the social provider. | |
| confirm | Boolean that indicates the user's agreement to associate the social profile with their ULM User ID. | |
| lastName | (Optional) The user's last name. | |
| firstName | (Optional) The user's first name. | |
| displayName | (Optional) A display name for the user. This could be just a combination of the user's first and last name or a nickname. | |
| phone | (Conditional) The user's mobile phone number. Mandatory if email is not provided. | |
| (Conditional) The user's email address. Mandatory if phone is not provided. | ||
| output | Object that contains data that the client can consume, retain, and use for additional operations. | |
| providerId | The identifier of the provider of the social account and associated data returned with it. | |
| socialUserInfo | Object of user data given by the social provider. | |
| id: The provider's unique identifier for the user's social account. | ||
Final Request: Confirm Association
The user confirms the association, and the client passes that choice to the Process with the Process Step API.
| PUT /process/step |
|---|
{
"processId": "13e6b3f4-7939-4fb7-a60f-cb09e852d430",
"parameters": {
"confirm": true,
"lastName": "Jones",
"firstName": "Bob",
"email": "bob@example.com",
}
}
|
Request Parameters
| Parameter | Description | |
|---|---|---|
| processId | Unique identifier for the current instance of this Process. | |
| parameters | Object that contains the data requested in the previous Process response. | |
| confirm | A boolean value indicative of the user's agreement to associate the social account with their ULM Cloud profile. | |
| phone | (Conditional) The user's mobile phone number. Mandatory if email is not provided. | |
| (Conditional) The user's email address. Mandatory if phone is not provided. | ||
Response: Success, Account Associated to User ID
The Process completes the association and returns a 200 HTTP status code.
| Response Body |
|---|
{
"processId": "13e6b3f4-7939-4fb7-a60f-cb09e852d430",
"processName": "socialFederation.AssociateSocialMedia.v1.0",
"lastStep": true,
"output": {
"providerId":"facebook",
"socialConnection": {
"id": 1,
"socialId": "1425242407805720",
"providerId": "facebook"
}
}
}
|
The user now has the option to authenticate with the associated social account.
Response Parameters
| Parameter | Description | ||
|---|---|---|---|
| processId | Unique identifier for the current instance of this Process. | ||
| processName | Full name of the Process, including the category and version number. | ||
| lastStep | Boolean that indicates whether or not this was the last step in the Process. | ||
| output | Object that contains data that the client can consume, retain, and use for additional operations. | ||
| providerId | The identifier of the social provider providing the newly associated social profile. | ||
| socialConnection | Object of metadata related to the newly associated social profile. | ||
| id | ULM Cloud's unique internal identifier for the new social association. | ||
| socialId | The provider's unique identifier for the user's social account. | ||
| providerId | Same value as providerId above. | ||
Error Scenario: User Is Not Authenticated
If this Process is invoked without an authenticated user session, then the Process responds with a HTTP 400 status code. The body includes a operationError array with the reason(s) as to what went wrong:
| Response Body |
|---|
{
operationError": {
"code": "security-challenge-failed",
"type": "com.uxpsystems.mint.framework.commons.exception.InsufficientPermissionException",
"message": "Current user does not possess the correct authority to execute this ULM Process.",
"authorities": [
{
"authority": "ROLE_ANONYMOUS"
}
]
}
}
|
Error Response Parameters
| Parameter | Description | |
|---|---|---|
| operationError | Array of possible error objects. Each object describes a separate error condition. | |
| code | An error object's internal code name. | |
| type | Internal reference of the operation error type. | |
| message | Optional message that describes the error in a human readable format. | |
| authorities | The list of authority roles currently granted to the user. Can be used to help supply context to authorization errors (e.g, a Process requires a user to be authenticated, but they are currently anonymous). | |
Error Codes
Below is a comprehensive list of potential error codes that may be returned during the execution of this Process.
Common Error Codes
Process-specific Error Codes
| HTTP Status | Format | ULM Error Code | Details | Description |
|---|---|---|---|---|
| 400 | operation error | not-supported-provider | n/a | Invalid social provider. |
| 401 | operation error | access-token-error | n/a | Could not extract action token. |
| 400 | operation error | social-already-associated | provider - provider ID that was picked for association | Social media is already associated with another ULM User. |
Revision History
| Version | Description |
|---|---|
| 2020.09 | Added this topic. |