Publisher Integration with SSO Providers
If you integrate with one or more SSO providers to offer SSO login, you might be able to retrieve the logged-in user's email address from the SSO provider to generate EUID tokens.
This guide provides technical information about how to do this, for publisher integrations with several popular SSO providers.
You are responsible for ensuring that your use of email addresses to create EUIDs is consistent with your EUID agreement, your company’s privacy policy, and any other platform or third-party terms to which your company is subject.
High-Level Steps
To integrate with a single sign-on solution, the general steps are as follows:
-
Get an identity token from the SSO provider.
-
Extract the user's email address from the identity token.
-
Pass the user's email address to the EUID publisher integration of your choice.
To find out whether you have to apply normalization and encoding to the email address, or the integration does it for you, check the documentation for your EUID publisher integration.
Sign in with Google
The following options are available for implementing Sign in with Google:
Sign in with Google for Android
Follow the instructions in Create the Sign in with Google flow. Once the token has been validated, you can retrieve the email address by using the getEmail() method of the identity token payload.
Sign in with Google for iOS and macOS
To get an email address from Sign in with Google on iOS or macOS, retrieve it from the GIDGoogleUser object. For details, see Getting profile information.
Sign in with Google for Web
Follow the instructions to verify the Google ID token on your server side, and then retrieve the user's email address from the email field of the ID token.
Facebook Login
There are two ways to integrate Facebook Login with EUID: with an OpenID Connect (OIDC) token or without.
Facebook Login Using an OIDC Token on iOS
To get an email address from Facebook Login using an OIDC token on iOS:
-
Implement Facebook Login (for details, see Use Facebook Login in Your iOS App) and request the
emailpermission. -
Extract the user's email address from the OIDC authentication token: for example, by using the
Profilehelper class. For details, see OIDC Tokens in Facebook Login for iOS.
Facebook Login Without an OIDC Token
To get an email address from Facebook Login without using an OIDC token:
-
Request a user access token, specifying the
emailpermission. -
If the user has granted the
emailpermission, make a Graph API call to the/meendpoint, using the user access token, and specifyemailas one of the fields.
Sample Applications
The following applications demonstrate how to integrate with Facebook Login:
Sign In with Apple
The instructions for signing in with Apple are different for apps and websites.
Sign In with Apple in an App
Request authorization, making sure to request the email scope. For details, see Request Authorization with Apple ID.
If authentication succeeds, retrieve the user's email address from the email property of the ASAuthorizationAppleIDCredential object.
Sign In with Apple JS on a Webpage
Refer to the section Handle the Authorization Response of the page Configure your webpage for Sign in with Apple.
Sign In with OpenPass
To get an email address from an OpenPass integration:
-
Use the OpenPass API or one of the OpenPass SDKs to get an identity token.
-
Extract the user's email address from the
emailclaim of the identity token. For details, see OpenPass Authentication Tokens.