Document Properties
Kbid
3C0823
Last Modified
16-Jun-2023
Added to KB
18-Apr-2023
Public Access
Everyone
Status
Online
Doc Type
Guidelines
Product
Intershop Progressive Web App
HomeKnowledge Base
View on Github
Guide - Intershop Progressive Web App - Authentication by the ICM Server
Share this document

This document describes the main authentication mechanism if the ICM server is used as identity provider.
If you need an introduction to this topic, read the Authentication Concept first.

Login

If the user wants to login by clicking a login link or navigating to the /login route, either a popup or a page is displayed containing a login form.
After the user has entered the credentials (e-mail/user name and password) and could be verified successfully by the ICM server, a new token is fetched from the ICM /token REST endpoint.
The token of the registered user is saved as apiToken cookie and attached to the request header of the subsequent REST requests.
After logging in, the pgid of the user is requested from the ICM server (/personalization REST call) and the action personalizationStatusDetermined will be triggered.
If you want to request user-specific non-cached data from the ICM server, use the option sendPGID or sendSPGID, respectively when you call the get method of the ApiTokenService.

Registration

The registration of a user is similar to the login.
After the user has completed the registration form, the data are validated by the ICM server and a new user will be created.
Afterwards, the authentication token is requested from the server and the user will be logged in, see above.

Token Lifetime

Each authentication token has a predefined lifetime.
That means, the token has to be refreshed to prevent it from expiring.
Once 75% of the token's lifetime have passed (this time can be configured in the oAuth library), an info event is emitted.
This event is used to call the refresh mechanism setupRefreshTokenMechanism$ of the oAuth configuration service and the authentication token will be renewed.
Hence, the token will not expire as long as the user keeps the PWA open in the browser.

Logout

When the user logs out by clicking the logout link or navigating to the /logout route, the configured logout() function will be executed, which will call the revokeApiToken() user service in order to deactivate the token on server side.
Besides this, the PWA removes the token on browser side, fetches a new anonymous user token, and sets it as apiToken cookie.

Disclaimer
The information provided in the Knowledge Base may not be applicable to all systems and situations. Intershop Communications will not be liable to any party for any direct or indirect damages resulting from the use of the Customer Support section of the Intershop Corporate Web site, including, without limitation, any lost profits, business interruption, loss of programs or other data on your information handling system.
The Intershop Knowledge Portal uses only technically necessary cookies. We do not track visitors or have visitors tracked by 3rd parties. Please find further information on privacy in the Intershop Privacy Policy and Legal Notice.
Home
Home Page
Knowledge Base
Home Page
Search
Personal Library
Product Releases
Home Page
Search
Difference Report
Product Support Matrix
Service Connector Matrix
Log on to continue
This Knowledge Base document is reserved for registered customers.
Log on with your Intershop Entra ID to continue.
Write an email to supportadmin@intershop.de if you experience login issues,
or if you want to register as customer.