Sessions¶
Info
Planned feature
LOKE mobile (Tidy) can be configured to load external web pages inside a webview. These web pages allow for most javascript APIs, however are always accessed as an anonymous user. As such if the web page requires authentication a Tidy user will need to log in or register on the webview, even if they are logged in to the app.
To avoid this "double authentication" we allow for a session initialisation webhook. This works by the LOKE's back-end calling a configured webhook with customer contact details and unique ID. The webhook then returns a URL that contains a session identifier, eg as part of the query string or URL path. Tidy's back end then redirects the customer's webview to this URL.
Note
Note any session identification and/or token must be provided in the URL. Headers and cookies are not supported. If cookie authentication is required then another intermediate step is required (where the third-party server reads the session ID and sets a cookie in the response).