SSO Technical Flow

Single Sign On (SSO) Flow

Single Sign On is a seamless login flow. At some point of time, when the Merchant Switch needs to verify the identity of the user, it can use the SSO APIs to silently SignIn/SignUp the user.

Explanation:

  1. User consent is asked when SSO API is triggered in the Switch flow, i.e. when the Switch calls the fetchAuthToken () method.

For eg., In Hotels Switch, a user can search for hotels corresponding to dates and location. He can browse different hotels and see their prices. But at the point of confirmation of booking, user consent is asked.

  1. If a user agrees to share by tapping on "Login" (as shown in the image below). Then the Switch gets a “grant token” from the PhonePe APP.

  2. The Switch sends the “grant token” to its server. Using the “grant token”, the server hits the PhonePe server with Get Auth Token API. In response, it receives access token.

  3. This "access token" is sent to the PhonePe server to fetch user details using Get User Details API.

This can be used to facilitate SSO in the merchant's system, as the user details have already been verified by PhonePe.

  1. The Switch authenticates the user.

  2. If the user denies the consent by tapping on "Skip", then the Switch needs to shows its own SignIn/SignUp page.