less than a minute read • Updated 7 minutes ago
Set up outgoing single sign-on on the receipt
How to generate a single sign-on token from the receipt page so customers can be redirected to your site already authenticated, or offered a single-click upsell.
Outgoing (or “reverse”) single sign-on generates an authentication token from the Foxy receipt page and passes it to your own site, so a customer who just checked out can be logged in automatically or offered a single-click upsell. This requires a solid understanding of standard single sign-on first, since the same token logic applies in reverse.
Steps: log a new customer into your site automatically
Example: Twig code for the receipt
{% set reverse_sso_url = "" %}
{% if first_receipt_display and not is_anonymous %}
{% set timestamp = checkout_date | date_modify("+120 seconds") | date("U") %}
{% set reverse_sso_url = "https://www.yourwebsite.com/reversesso.php?fc_auth_token=" ~ generate_sso_token(timestamp) ~ "×tamp=" ~ timestamp ~ "&fc_customer_id=" ~ customer_id %}
{% set continue_url = reverse_sso_url %}
{% endif %}
This only runs on the customer’s first view of the receipt, so revisiting the receipt later (from an email link) won’t trigger another redirect. generate_sso_token() takes a single timestamp argument and returns the token. customer_id is available to Twig templates automatically.
Example: verifying the token and logging the customer in
if (isset($_GET['fc_auth_token'])) {
$fc_auth_token = $_GET['fc_auth_token'];
$customer_id = $_GET['fc_customer_id'];
$timestamp = $_GET['timestamp'];
}
$local_auth_token = sha1($customer_id . '|' . $timestamp . '|' . $foxycart_api_key);
$local_timestamp = date('U');
if ($fc_auth_token == $local_auth_token && $timestamp > $local_timestamp) {
// Everything checks out, log the user in
// Enter your logic here
}
// Redirect the customer on to your own website
header('Location: http://www.yourwebsite.com');
Example: single-click upsell on the receipt
The same token mechanism can offer a post-purchase upsell. On click (or on page load, for a fully automatic version), add a product to the cart with a JSONP request, then redirect straight to checkout with a fresh token so the transaction can complete without re-authentication:
{% if first_receipt_display == 1 and is_anonymous == 0 %}
<script>
{% set timestamp = checkout_date | date_modify("+120 seconds") | date("U") %}
if (!FC.json.custom_fields.upsell) {
FC.client.request('https://' + FC.settings.storedomain + '/cart?name=Cool+Example&price=20&color=red&code=sku123&empty=reset&h:upsell=true').done(function(data) {
var url = 'https://' + FC.settings.storedomain + '/checkout?fc_auth_token={{ generate_sso_token(timestamp) }}×tamp={{ timestamp }}&fc_customer_id={{ customer_id }}';
window.location.href = url;
});
}
</script>
{% endif %}
Notes
A guest customer can’t use single sign-on, so both examples only work for accounts, not guest checkouts, hence the is_anonymous check.
Keep the token’s expiration short, no more than a few minutes, since it substitutes for password-based authentication.
Only use this over an https connection, since the tokens are passed in the URL.
To skip the Foxy receipt entirely and forward straight to your reverse single sign-on URL, replace {% set continue_url = reverse_sso_url %} with <script>window.location = ‘{{ reverse_sso_url }}’;</script>.
To add a custom link or button pointing to your reverse single sign-on endpoint elsewhere on the receipt, reference the {{ reverse_sso_url }} Twig variable.