NAV Navbar

Introduction

Welcome r to the Regzen documentation. This guide will help you easily integrate Sign in with Regzen to your website.

Setup

Step 1: Including the Library

Include the Regzen JavaScript Library libary as an NPM module or as a script tag.

If included as a script tag, a RegzenClient global object will be exposed:

Include

<!-- Include the regzen-client script using a script tag. -->
<script src="https://unpkg.com/regzen-client/dist/regzen.min.js"></script>
# Or install regzen-client as a node module.
$ npm install regzen-client --save
// And later, use it like this:
import RegzenClient from "regzen-client";

Step 2: Instantiating the Client

Instantiate the client with the application id we have provided you.

Instantiate

const regzen = new RegzenClient({
  applicationId: "YOUR_APPLICATION_ID",
});

Step 3: Starting the Sign In Process

You should add the "Sign in with Regzen" button and start the sign in process by calling the regzen.signIn method.

Usage

<div class="regzen-sign-in" onclick="regzen.signIn()"></div>

Step 4: Handling the Authorization Code

After the user has scanned the QR code and approved the authorization request using the Regzen mobile app, an authorization code will be generated. The Regzen JavaScript Library library will retrieve this authorization code and hand it to you using the regzen.onGranted event. You need to pass this authorization code to your backend and exchange it with the Regzen API in order to retrieve the user's data.

Note: This authorization code can be used only once and also expires after a short time. If it expires, you'll need to start over and get a new one.

We have libraries for various technologies which can handle the exchange communication for you:

Support for more languages is coming soon.

If there is currently no library for your language, see the Exchange Authorization Code section for information on how to do this manually.

Handle Authorization Code

regzen.onGranted(function (authorizationCode) {
  // Send the authorization code to the Regzen API.
});

Step 5: Showing the "Protected by Regzen" Alert

When one of your users chooses to sign in to your website using Regzen, you shouldn't allow them to use their password to sign in anymore. You can do this by keeping additional information about every user in your database, something like is_using_regzen and setting that to true if the user used Regzen to sign in. Regzen provides you with a convenient regzen.showProtectedAlert method to show an alert and notify your users that they should use Regzen to sign in instead of a password.

Note: You can override the styles of this alert by following the SweetAlert theming guide.

Showing Alert

function logIn() {
  // Call an endpoint on your API to check if user is using Regzen.
  const response = await fetch('https://api.yourapp.com/[email protected]');
  const user = response.json();

  if (user.is_using_regzen) {
    // Show the "Protected by Regzen" alert.
    regzen.showProtectedAlert();
  } else {
    // Call additional endpoint to log in user if he is not using Regzen.
  }
}

Step 6: Handling Sign in with Regzen Removal

Using the mobile app, users can choose to no longer use Regzen to sign in to your website and revert back to using their password. Regzen will notify you of this by sending an HTTP POST request with some encrypted payload (see notes below) to your webhook URL. You can set this URL when registering your application. It is up to you to choose if you will revert your users to their old password or send them an email for resetting their password.

Note 1: The request body data is encrypted and you will have to follow the steps in the Decrypting the Response section to extract the raw data. After successful decryption, you will get a stringified JSON with the data (see on the right).

Note 2: If you're using any of Regzen libraries which can handle the exchange communication for you, you're also supplied with payload decryption function. Please refer to the official documentation of corresponding Regzen library.

Decrypted Request Body

{
  "email": "[email protected]" // Email of the user who chose to no longer use Regzen.
}

Step 7: Handling Other Events

You can provide event handlers for the following events:

Event Parameters Description
onDenied Called when the user denies the authorization request.
onTimedOut Called when the authorization request times out.
onError error Called when an unexpected error occurs from Regzen's side.

Event Handling

regzen.onDenied(function () {
  // Give some feedback to the user when the authorization request was denied.
});

regzen.onTimedOut(function () {
  // Give some feedback to the user when the authorization request timed out.
});

regzen.onError(function (error) {
  // Give some feedback to the user when an unexpected error occured..
});

Regzen API Endpoints

Exchange Authorization Code

Exchange authorization code generated by the Regzen API for user data.

Note: The user data is encrypted and you will have to follow the steps in the Decrypting the Response section to extract the raw data.

$ curl "https://api.regzen.com/api/oauth/exchange?authorization_code=497c4bb7f892f0b03d8a9f7c6ead70bc"

HTTP Request

GET https://api.regzen.com/api/oauth/exchange

Query Parameters

Parameter Required Type Description
authorization_code Yes string ex. 497c4bb7f892f0b03d8a9f7c6ead70bc

Response

Response

{
  "data": "ENCRYPTED_USER_DATA"
}
Status code Description
200 The authorization code was exchanged for user data and the operation was successful.
403 The provided authorization code is invalid or expired.
422 The format of the provided authorization code is invalid.
500 Something went wrong while processing the request.

Decrypting the Response

Step 1: Decode the data from Base64. After decoding, your data will be in this format:

[INITIALIZATION_VECTOR][ENCRYPTED_MESSAGE_HASH][ENCRYPTED_MESSAGE]

Note: Brackets are not part of the data, they are just used to illustrate the structure of the data.

Step 2: Extract the first 16 characters for the initialization vector.

Step 3: The next 32 characters represent the hash generated by HMAC SHA-256. Generate your own hash using the same algorithm by hashing [ENCRYPTED_MESSAGE] with your application secret as the key. The hashes need to match in order to confirm the integrity of the message.

Step 4: Use something like openssl_decrypt to decrypt the [ENCRYPTED_MESSAGE] with AES-256-CBC using your application secret as the key and the data extracted in step 2 as the initialization vector.

Step 5: After successful decryption, you will get a stringified JSON with the user data.

JSON Structure

{
  "email": "[email protected]"
}