Feature Introduction
This document briefly introduces the various mobile authentication features provided by the Zhuyun IDaaS platform, along with brief descriptions of their processes.
# Login Features
# Username and Password Login
Login and authorization are performed by entering an account and password. (The SDK only provides APIs; the interface is designed by the caller.)

Process Description:
- The caller customizes the login interface.
- The caller passes the username and password to the SDK to log in.
- A sessionToken is returned.
- After obtaining the sessionToken, backend service development is still required. Please click "Verify Token" to learn about backend service development.
- Learn how to integrate login: Android, iOS.
# SMS Login
Login and authorization are achieved by entering a mobile phone number to receive an SMS verification code. (The SDK only provides APIs; the interface is designed by the caller.)

Process Description:
- The SMS login interface is built into the SDK.
- The SMS login interface is designed by the caller.
- Enter the mobile phone number.
- Click to send the SMS.
- A sliding captcha module pops up for verification.
- After successful verification, an SMS is automatically sent to the user's phone.
- Enter the verification code and click login.
- After success, a sessionToken is returned.
- After obtaining the sessionToken, backend service development is still required. Please click "Verify Token" to learn about backend service development.
- Learn how to integrate login: Android, iOS.
The sliding captcha module is built into the SDK and does not require user attention.
# One-Click Login with Native Number
Leveraging the mobile data network of operators and using technologies such as "communication gateway number retrieval" and SIM card identification, the user's mobile phone number is accurately identified to achieve password-free login.

# Social Login
Users often treat social login as a necessity, but the onboarding requirements of the various platforms are cumbersome. Besides integrating each platform's SDK, you also have to keep up with SDK versions and handle compatibility issues between platforms.
Conventional steps are:
- Register a platform account.
- Apply for an application.
- Frontend integration.
- Backend integration.
- Service joint debugging.
- Troubleshooting errors and compatibility issues.
- Long-term tracking of SDK version upgrades and changes from major platforms.
Using the IDaaS SDK, integration can be achieved in just three steps:
- Introduce the IDaaS SDK.
- Configure third-party platform parameters.
- Call.

(The red parts in the diagram are completed by the SDK.)
Process Description (WeChat and Alipay processes are the same):
- The social login interface buttons are designed by the caller.
- Click WeChat login to call the SDK's WeChat login method.
- The WeChat authorization interface pops up; click to confirm authorization.
- After successful authorization, a temporary authorization code from WeChat is returned.
- The SDK uses the authorization code to call the IDaaS server to obtain user information.
- If not bound, the SDK will pop up a binding interface; enter the mobile number and verification code to bind and return a sessionToken.
- If the user is already bound, a sessionToken is returned directly.
- After the APP obtains the sessionToken, it needs to pass it to the backend for verification.
- To integrate and develop Alipay login, please click "Android" or "iOS" to get started.
- To integrate and develop WeChat login, please click "Android" or "iOS" to get started.
- After obtaining the sessionToken, backend service development is still required. Please click "Verify Token" to learn about backend service development.
Integration Example (using WeChat as an example):
- Click WeChat login.
- Unbound state: enter the mobile number to get the verification code; a sliding verification pops up.
- Start sliding verification.
- After successful verification, wait for the SMS verification code.
- Enter the verification code and click to bind.
# Verify Token
The APP server side needs to validate the sessionToken returned by the SDK to obtain user information.

Process Description:
- After the app successfully logs in via the IDaaS SDK, it obtains a sessionToken.
- The app passes the obtained sessionToken to the app backend.
- The app backend first needs to obtain API access permissions for the IDaaS server.
- Receives the API authorization credential returned by the IDaaS server.
- Uses the sessionToken and authorization credential to exchange for an ssoTicket.
- Obtains user information using the authorization credential and ssoTicket.
- Returns user information (returnable information can be configured, refer to the image below).
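
The backend side of this exchange, as an added example that is not part of the IDaaS SDK or its documentation: the app backend takes the user's identity only from the IDaaS reply and denies login if any step fails. The operation names (`api_credential`, `sso_ticket`, `user_info`), the field names and the `idaas_call` transport are hypothetical placeholders, and `fake_idaas` is a constructed stand-in so the code runs offline.

```python
class TokenRejected(Exception):
    """Raised when any step of the exchange fails; the caller must deny login."""


def verify_session_token(session_token, idaas_call):
    """Return user info for session_token, or raise TokenRejected.

    idaas_call(operation, **params) -> dict is the transport to the IDaaS
    server (assumed interface, not the real API). Identity is taken only
    from the IDaaS reply, never from anything else the app sent.
    """
    if not isinstance(session_token, str) or not session_token:
        raise TokenRejected("missing sessionToken")
    try:
        # Obtain the API authorization credential for the IDaaS server.
        credential = idaas_call("api_credential")["credential"]
        # Exchange sessionToken + credential for an ssoTicket.
        ticket = idaas_call("sso_ticket", credential=credential,
                            session_token=session_token)["sso_ticket"]
        # Fetch user information with credential + ssoTicket.
        user = idaas_call("user_info", credential=credential, sso_ticket=ticket)
    except (LookupError, ConnectionError) as exc:
        # Fail closed: an unknown token or a failed call is never a login.
        raise TokenRejected(f"exchange failed: {exc!r}") from None
    if not user.get("user_id"):
        raise TokenRejected("IDaaS returned no user")
    return user


def fake_idaas(operation, **params):
    """Constructed stand-in for the IDaaS server (sample data, not real)."""
    sessions = {"st-valid-123": "u-1001"}
    users = {"u-1001": {"user_id": "u-1001", "mobile": "138****0000"}}
    if operation == "api_credential":
        return {"credential": "cred-abc"}
    if params.get("credential") != "cred-abc":
        raise LookupError("bad credential")
    if operation == "sso_ticket":
        return {"sso_ticket": "tk:" + sessions[params["session_token"]]}
    if operation == "user_info":
        return users[params["sso_ticket"][3:]]
    raise LookupError(operation)
```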

Maintain sessionToken validity.
Next:
Learn about Server-side Integration Interfaces.
# Session Persistence
To support session persistence after login, a configuration option for the session validity period is provided (please refer to Step 3 in Preparation under Getting Started). After a successful login that yields a user session, the integrating party needs to save this user session on the server side and record the configured session validity period. It can then choose to refresh the session one day or one hour before it expires. This way, the integrating party can achieve session persistence.

Process Description:
- After the app obtains the sessionToken returned by the SDK, the app server validates the sessionToken.
- After successful validation, the app server saves it locally and stores the expiration time.
- If the sessionToken is found to be nearing expiration, the IDaaS API can be called to refresh it.
- Returns the latest sessionToken.
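
A server-side store that applies this refresh rule, as an added example that is not the platform's own code: it records the expiry when a validated token is saved and refreshes it once the remaining lifetime falls inside the chosen window. `refresh_fn` stands in for the IDaaS refresh API, whose name and parameters are not given here; treating an already expired session as requiring a new login, and giving the refreshed token the full configured validity, are assumptions of this example.

```python
import time


class SessionStore:
    """Keeps validated sessionTokens with their expiry (added example)."""

    def __init__(self, validity_seconds, refresh_before_seconds,
                 refresh_fn, clock=time.time):
        self.validity = validity_seconds              # configured validity period
        self.refresh_before = refresh_before_seconds  # e.g. 3600 = one hour
        self.refresh_fn = refresh_fn                  # hypothetical IDaaS refresh call
        self.clock = clock
        self._sessions = {}                           # user_id -> (token, expires_at)

    def save(self, user_id, session_token):
        """Call only after the backend has validated the sessionToken."""
        self._sessions[user_id] = (session_token, self.clock() + self.validity)

    def current_token(self, user_id):
        """Return a usable token, refreshing it when it is close to expiry.

        Returns None when no session exists or it has already expired,
        in which case the user has to log in again (assumption).
        """
        entry = self._sessions.get(user_id)
        if entry is None:
            return None
        token, expires_at = entry
        now = self.clock()
        if now >= expires_at:
            del self._sessions[user_id]   # do not try to revive a dead session
            return None
        if expires_at - now <= self.refresh_before:
            token = self.refresh_fn(token)   # returns the latest sessionToken
            self.save(user_id, token)        # assumed: full validity restarts
        return token
```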
# Self-Service
# Real-Name Authentication
Real-name authentication is a service that verifies the authenticity of user identity information. It provides various real-name information verification capabilities such as facial recognition, identity information verification, and bank card element verification to address the industry's substantial need for verifying the authenticity of user identity information.
# Third-Party Account Management
After a user authorizes login with a third-party platform account, the system automatically binds and associates it with the main account. If unbinding is required, it can be performed through this module.

Process Description:
- The user clicks on WeChat or Alipay login within the APP.
- Obtains the returned sessionToken.
- The APP calls the third-party account management function by passing the sessionToken.
- The SDK requests the backend to get the list of third-party accounts already bound to the current account.
- The SDK displays the built-in management interface.
- The user can view the list or click on an item to perform an unbind operation.
Integration Effect (as shown in the image):

Clicking on any item allows performing an unbind operation.

# Interface Customization
The IDaaS SDK supports lightweight customization of some page UIs (as shown in the images).


