Play - MyAccount Single Sign On

There are 3 entry points that touches the SSO with MyAccount:

  • Login (Login page)

  • Link (My Profile page)

  • Invite (Participant page)

Login

When a user tries to log in through Play, there is a lookup that is being done to know if the email address is linked to a MyAccount. On next, we need to do a look up to check if the associated Play account has an externalId.

  • If no Play account found or no externalId found associated to the email → Regular password input

  • If externalId found associated to the email → MyAccount redirect

We need to pass over the following parameters over to MyAccount in order to get the redirect URL

r='/login' // referer c='play-local' // client code identity='7e420faf-0ee2-45bb-aa34-8efbd651e003' // externalId on the Play account

This will ensure the user logs in to MyAccount to the correct account and provide the right access token back to Play.

Link + Invite

Both linking entry point will have the same approach. We will send over the following when doing the MyAccount redirect. For inviting a participant, we will simply send an email with a link with the redirect URL pre built.

URL params to send over when getting redirect URL

r='/profile' // referer c='play-local' // client code link=1 // force login / register with specific email email='elarouche@spordle.com' // account username

This will force the user getting redirected to sign in or sign up using the email address of the account. Once the user is redirected back to play. We will update the identity id (externalId) only when we receive the call back with the token.