less than a minute read • Updated 7 minutes ago
Set up single sign-on for checkout
How to configure your site's single sign-on endpoint so customers already logged into your site skip re-authenticating at checkout.
This covers setting up standard single sign-on, so a customer who’s already logged into your website can proceed through Foxy checkout without re-entering their email and password.
Steps
Example
const crypto = require('crypto');
function generateSsoUrl(customerId, timestamp, secret, storeDomain, sessionId) {
if (!customerId || !timestamp || !secret) return false;
const stringToSign = `${customerId}|${timestamp}|${secret}`;
const token = crypto.createHash('sha1').update(stringToSign).digest('hex');
let url = `https://${storeDomain}/checkout?fc_customer_id=${customerId}×tamp=${timestamp}&fc_auth_token=${token}`;
if (sessionId) url += `&fcsid=${sessionId}`;
return url;
}
Notes
Use the Foxy SDK’s
createSsoUrlfunction to generate this URL rather than building the hash yourself, where possible.The expiration
timestampyou hash must exactly match thetimestampyou send back to Foxy. Don’t reuse the timestamp Foxy sent to your endpoint — that value is already in the past by the time your endpoint responds.A customer using a saved credit card is still asked for the CSC, unless your store’s CSC settings are configured to only require it for new cards.
To allow an unauthenticated customer through to checkout, set
fc_customer_idto0.For guidance on keeping customer records synced with Foxy so a customer ID is available, see Sync customer data for SSO.