User Identification

Anonymous Users

When you properly initialize the SDK within your own Application, on first start a UUID is generated and a JWT token is retrieved for an “anonymous client”.

Such a token is required to sign all the events that are being passed to Synerise, but in itself has no special permissions to do anything more. The token is limited to the following:

  • Tracking events
  • User registration
  • User sign-in
  • User password reset
  • Authentication by Facebook
  • Authentication by OAuth

This is just the minimum needed to use the basic features of the SDK. A User in this scenario is fully anonymous within the system and has no personal information associated with them.


Recognized Users

You can operate on personal information without fully authenticating a customer. You may have already imported client data into Synerise, and you have personal information in the system. The data can be linked.

In such cases, you need to authenticate through your own backend systems. Before you can do that, you must merge the UUIDs from the SDK with a specific customer:

  1. Retrieve the Client UUID generated by Synerise SDK.
  2. Process the UUID in your own backend. If you use third-party authorization, you may need to pass this UUID into other systems.
  3. Authorize the Client and match their identifier (loyalty card number, email address, or another type of identifier used in your system) with the client UUID from Synerise.
  4. Provide the Client UUID back to Synerise with all the additional information collected through the authorization process.
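
The backend side of steps 2-4, as an added example (not Synerise code). The session shape, the `links` store, the `outbox` queue, the payload field names and the one-UUID-per-customer rule are assumptions made for illustration; the actual call to Synerise is left to your integration.

```python
import uuid

class BindingError(Exception):
    """Raised when a UUID-to-customer link must be refused."""

def parse_client_uuid(raw):
    """Accept only a canonical, hyphenated UUID string sent by the app."""
    try:
        parsed = uuid.UUID(raw)
    except (ValueError, AttributeError, TypeError) as exc:
        raise BindingError("malformed client UUID") from exc
    if str(parsed) != raw.lower():
        raise BindingError("non-canonical client UUID")
    return str(parsed)

def link_client(session, raw_uuid, links, outbox):
    """Steps 2-4 on the backend: bind the SDK UUID to an authorized customer.

    session: server-side session record, constructed shape {"customer_id", "email"}
    links:   hypothetical store mapping client UUID -> customer identifier
    outbox:  hypothetical queue of payloads the backend forwards to Synerise
    """
    # The identifier comes from the server-side session, never from the request body.
    customer_id = session.get("customer_id")
    if not customer_id:
        raise BindingError("customer is not authorized")
    client_uuid = parse_client_uuid(raw_uuid)
    # Policy assumed for this example: a UUID is never re-pointed to another customer.
    owner = links.get(client_uuid)
    if owner is not None and owner != customer_id:
        raise BindingError("UUID already linked to another customer")
    links[client_uuid] = customer_id
    # Field names below are placeholders, not the Synerise API schema.
    payload = {"uuid": client_uuid, "customer_id": customer_id,
               "email": session.get("email")}
    outbox.append(payload)
    return payload
```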

We recommend this user recognition process to advanced users. If you are a new Synerise user and would like to run this kind of integration, you can contact us at https://hgintelligence.atlassian.net/servicedesk/customer/portal/1.

WARNING: Sending this data directly from the Application itself is highly discouraged and may cause authorization issues.

Authenticated Users

Synerise offers a means to fully authenticate Users and create user sessions with JWT tokens that have access to all the features provided by Synerise.
Three authentication methods are supported:

Registration as a Service

Registration as a Service (RaaS) is a set of methods that enable you to implement full User Management in your application without any need for third party systems.

Register new Users

If you want to use our RaaS (Registration as a Service), implement the method Client.registerAccount().
This method provides you with an option to pass all User Information along with any agreements and attributes at once.

The primary unique identifier used by Synerise is the email address.

Depending on backend configuration at Synerise, the registration may or may not require email confirmations.
The following registration behaviors are supported:

  • Automatic: the account is ready to use right after registration, no confirmations are required. User has the attribute snrs_email_confirmed set to false.
  • Email Confirmation Required: the account is ready to use right after registration, but email confirmation is required. The confirmation sets snrs_email_confirmed to true in the User’s profile.
  • Email Activation Required: an activation email is sent and the account cannot be used until the address is confirmed. Activation also means that snrs_email_confirmed is set to true.

Passwords

The default password policy is:

  • Minimum 6 characters
  • At least one uppercase letter
  • At least one lowercase letter
  • At least one digit
  • At least one non-alphanumeric character

Passwords are hashed with PBKDF2.
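
An added example (not Synerise code) that checks a password against the default policy above before it is submitted, and shows what salted PBKDF2 storage and verification look like. The PRF, iteration count, salt length and storage format are assumptions; the page names PBKDF2 only.

```python
import hashlib
import hmac
import os

# Assumed parameters: the page does not state the PRF, salt size or iteration count.
PRF, ITERATIONS, SALT_LEN = "sha256", 600_000, 16

def policy_violations(password):
    """Return the default-policy rules the password breaks (empty list = accepted)."""
    rules = [
        ("minimum 6 characters", len(password) >= 6),
        ("uppercase letter", any(c.isupper() for c in password)),
        ("lowercase letter", any(c.islower() for c in password)),
        ("digit", any(c.isdigit() for c in password)),
        ("non-alphanumeric character", any(not c.isalnum() for c in password)),
    ]
    return [name for name, ok in rules if not ok]

def hash_password(password, salt=None):
    """Derive a one-way PBKDF2 hash; a fresh random salt is used per password."""
    salt = salt or os.urandom(SALT_LEN)
    dk = hashlib.pbkdf2_hmac(PRF, password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_{PRF}${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(password, stored):
    """Recompute the hash with the stored parameters and compare in constant time."""
    scheme, iterations, salt_hex, dk_hex = stored.split("$")
    prf = scheme.split("_", 1)[1]
    dk = hashlib.pbkdf2_hmac(prf, password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))
```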

User login

Once a user is registered, they can log in. To provide this option, you must implement the Client.signIn() method.

On success, the Application receives a JWT token which is valid for 1 hour (default setting).
The SDK refreshes that token while a User is using the Application and events are being sent (autorefresh occurs only while the token is still valid).

Note: Token longevity can be changed on request.
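
Because autorefresh only works while the token is still valid, an application that was idle past the token lifetime must send the User back to sign-in. The following added example (not SDK code) makes that decision from the token's expiry. It assumes the token carries the standard JWT `exp` claim; the 300-second margin, the function names and the sample token are constructed for illustration.

```python
import base64
import json

def jwt_claims(token):
    """Decode the payload of a compact JWT WITHOUT verifying the signature.
    Suitable for scheduling on the client, never for a trust decision."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def session_action(token, now, refresh_margin=300):
    """Return what the app should do with the current token.

    'use'     - valid with time to spare
    'refresh' - still valid but close to expiry: refresh while it is possible
    'sign_in' - expired: no refresh can happen, the User must sign in again
    """
    exp = jwt_claims(token).get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        return "sign_in"
    if exp - now <= refresh_margin:
        return "refresh"
    return "use"

def make_sample_token(exp):
    """Constructed sample token with a placeholder signature, for the demo only."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc({'exp': exp})}.constructed"
```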

User logout

If you want to provide the User with a logout feature in your application, use the following method: Client.signOut().
The method terminates the JWT token and kills the User session.

Get User account details

You can use the Client.getAccount() method to retrieve all information about a User from Synerise. You can then present that information in the app.

Tip: You can also implement our Cache Manager that provides access to User data stored in cache.

Update User account details

A User can update their own information. This is done by implementing Client.updateAccount().
The User can update most of the information, except for the email address, because it’s used as the primary identifier for the account.

Change User's password

Separately from User information updates, a User may want to change their password. This is done by implementing Client.changePassword().
The current password needs to be provided first.

For a full list of available methods, see the methods reference section.


OAuth Login

You can authenticate a User based on your existing functionality. The user is authenticated by your backend.

In this case, the authentication process works in the following way:

  1. A user sign-in to the application generates an Auth request to your backend.
  2. Your backend provides the application with an access token.
  3. The access token is passed to Synerise by using the client.authenticateByOAuth() method.
  4. Synerise passes that access token back to your System in order to check if it’s valid.
  5. In response:
    • If authentication is successful, Synerise receives User information such as the email, first name, last name, or other details (the data can be mapped to fields in our system)
    • If the access token is not valid, the response type is different than HTTP 2xx.
  6. If the authentication was successful, Synerise provides the Application with our JWT access token for the User (if this is the first time this user is authenticated, they are also registered with the provided information).
Figure: User authentication scheme (OAuth)
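
Steps 2, 4 and 5 depend on your backend issuing an access token and then answering the validity check honestly. The following is an added example of that backend logic, not Synerise code. The HMAC-signed token format, the demo key, the `users` store and the response field names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-key"  # constructed value; load from a secret store in practice

def b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_access_token(user_id, now, ttl=300):
    """Step 2: the backend hands the application a short-lived, signed access token."""
    body = b64(json.dumps({"sub": user_id, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
    return f"{body}.{b64(sig)}"

def validate_for_synerise(token, now, users):
    """Steps 4-5: answer the validity check. Returns (http_status, json_body)."""
    try:
        body, sig = token.split(".")
        expected = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
        # Constant-time comparison; the claims are parsed only after the signature holds.
        if not hmac.compare_digest(expected, unb64(sig)):
            return 401, {"error": "invalid_token"}
        claims = json.loads(unb64(body))
    except (ValueError, AttributeError, TypeError):
        return 401, {"error": "invalid_token"}
    user = users.get(claims.get("sub"))
    if now >= claims.get("exp", 0) or user is None:
        return 401, {"error": "invalid_token"}  # any non-2xx means "not valid"
    # Only the fields meant to be mapped into Synerise leave the backend.
    return 200, {k: user[k] for k in ("email", "firstName", "lastName")}
```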

When the User is authenticated with a JWT token in your application, you can start using all methods and features provided by the SDK.
You can retrieve client details by using the Client.getAccount() method or update more of their personal information by Client.updateAccount() in the same way as available in Registration as a Service.


Facebook Login

For Applications that rely on Facebook Login for authentication, Synerise has a separate method that provides you with a Synerise JWT token based on the Facebook login.

To authenticate a User using Facebook, implement the following methods:

  • Client.authenticateByFacebookRegistered()
    This method provides you with an authentication option similar to Client.signIn(). It only logs in the User. If this is the first authentication (the User is not registered), it responds with an error that should be passed to your application to inform it that the following method should be used:
  • Client.authenticateByFacebook()
    This method is more extensive. If this is the first time a User is authenticated, it creates a new User account in the system along with the details, optional agreements, and attributes that you can pass by using this method.

This is implemented in order to allow you to determine if the user is logging in for the first time and gather User agreements, if they are required.
