Within your Limio Shop and Self-Service, customers have the ability to log in to their accounts, view their subscriptions and edit their details. This is done through a login portal with secure login functionality.
Currently, you can customise the look of the login page through Limio and match the feel to the rest of your shop.
Adding An OAuth Authentication Provider with Limio
In this example we will specifically be going through adding AWS Cognito to OpenID; however, the process will work for any OAuth provider:
1. Set the authentication type to OAuth in General Settings → Site Security
2. Now you're ready to add the Authentication Provider. First, select Authentication Providers on the right side panel. You should see this view:
3. Then click on the OpenID Connect button to add a new provider. You will be presented with a modal like this.
4. The details you need to enter are marked with an asterisk. Enter the data from your authentication provider.
Value example for AWS Cognito
Provider Name
The name of the Limio Shop e.g. coalfire-dev-shop.prod.limio.com
Issuer Name
The URL of the shop e.g. https://coalfire-dev-shop.prod.limio.com
Client ID
This can be found in the AWS Console. Look in Cognito → Relevant user pool → App Client Settings. The ID is labelled and centrally placed just under the app client and will take the form of a series of letters and integers.
Client Secret
This isn't necessary for the provider to work, but can be found in App Clients → Show Details
Authorization Endpoint
To find the AWS Cognito Domain, navigate to Domain Name in Cognito. You will then need to append /oauth2/authorize to the end of it. It will look like https://coal01-limio.auth.eu-central-1.amazoncognito.com/oauth2/authorize
Token Endpoint
Very similar to the authorization endpoint, it will be the domain with /oauth2/token appended to it. It will look like https://coal01-limio.auth.eu-central-1.amazoncognito.com/oauth2/token
Logout Endpoint
Logout endpoint will normally have /logout appended to it. If you are using Cognito as an authentication provider, it will look like https://coal01-limio.auth.eu-central-1.amazoncognito.com/logout?logout_uri=https://coalfire-dev-shop.prod.limio.com&. It's also important to note the logout_uri parameter will need to match the one configured in Cognito.
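A pre-flight check for the Cognito values above, added here as an example (it is not Limio's or AWS's code): it confirms that the three endpoints use HTTPS, sit on the Cognito domain with the paths listed above, and that logout_uri matches a sign-out URL configured in Cognito. The function name, the dictionary layout and the allowed_signout_urls input are assumptions; the sample values are the ones from this page plus one constructed bad configuration.

```python
from urllib.parse import parse_qs, urlsplit

# Endpoint paths this page gives for AWS Cognito, keyed by Limio field name.
COGNITO_PATHS = {
    "Authorization Endpoint": "/oauth2/authorize",
    "Token Endpoint": "/oauth2/token",
    "Logout Endpoint": "/logout",
}

def check_cognito_provider(fields, cognito_domain, allowed_signout_urls):
    """Return a list of problems in the endpoint values (empty list = OK)."""
    problems = []
    expected_host = urlsplit(cognito_domain).hostname
    for name, path in COGNITO_PATHS.items():
        value = fields.get(name, "").strip()
        if not value:
            problems.append(f"{name}: missing")
            continue
        url = urlsplit(value)
        if url.scheme != "https":
            problems.append(f"{name}: must use https")
        if url.hostname != expected_host:
            problems.append(f"{name}: host is not the Cognito domain")
        if url.path.rstrip("/") != path:
            problems.append(f"{name}: path should be {path}")
        if name == "Logout Endpoint":
            # logout_uri has to match a sign-out URL configured in Cognito.
            targets = parse_qs(url.query).get("logout_uri", [])
            if len(targets) != 1 or targets[0] not in allowed_signout_urls:
                problems.append(f"{name}: logout_uri missing or not configured in Cognito")
    return problems

# Values from this page's Cognito example.
DOMAIN = "https://coal01-limio.auth.eu-central-1.amazoncognito.com"
SHOP = "https://coalfire-dev-shop.prod.limio.com"
GOOD = {
    "Authorization Endpoint": DOMAIN + "/oauth2/authorize",
    "Token Endpoint": DOMAIN + "/oauth2/token",
    "Logout Endpoint": DOMAIN + "/logout?logout_uri=" + SHOP + "&",
}
# Constructed bad configuration: plain-HTTP token endpoint, unlisted logout_uri.
BAD = dict(GOOD, **{
    "Token Endpoint": DOMAIN.replace("https", "http") + "/oauth2/token",
    "Logout Endpoint": DOMAIN + "/logout?logout_uri=https://other.example",
})

if __name__ == "__main__":
    for label, cfg in (("good", GOOD), ("bad", BAD)):
        print(label, check_cognito_provider(cfg, DOMAIN, [SHOP]))
```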
Value example for Azure AD B2C
Provider Name
The name of the Limio Shop e.g. coalfire-dev-shop.prod.limio.com
Issuer Name
The Issuer URL: https://{tenant}b2csandbox.b2clogin.com/id/v2.0/
Client ID
This can be found in the Azure AD B2C Portal. See https://docs.microsoft.com/en-us/azure/active-directory-b2c/openid-connect
Client Secret
This can be found in the Azure AD B2C Portal. See https://docs.microsoft.com/en-us/azure/active-directory-b2c/openid-connect
JWKS URI
This will look like: https://{tenant}b2csandbox.b2clogin.com/{tenant}b2csandbox.onmicrosoft.com/B2C_1A_SIGNUP_SIGNIN/discovery/v2.0/keys
Authorization Endpoint
This will look like: https://{tenant}b2csandbox.b2clogin.com/{tenant}b2csandbox.onmicrosoft.com/B2C_1A_SIGNUP_SIGNIN/oauth2/v2.0/authorize
Token Endpoint
This will look like: https://{tenant}b2csandbox.b2clogin.com/{tenant}b2csandbox.onmicrosoft.com/B2C_1A_SIGNUP_SIGNIN/oauth2/v2.0/token
Logout Endpoint
This will look like: https://{tenant}b2csandbox.b2clogin.com/{tenant}b2csandbox.onmicrosoft.com/B2C_1A_SIGNUP_SIGNIN/oauth2/v2.0/logout
Token Endpoint Type
This will usually be Basic.
Scope
This can be defined in the Azure AD B2C portal.
How do I know this has worked?
You will need to find an authenticated page or campaign in the app, rebuild and republish it. Then, try accessing the page, either logging in with an existing user (if relevant/possible) or by creating a new user.
You should attempt to complete a purchase flow and amend a subscription (either billing details or making a switch). After this, check in the app that the correct customer details are associated with the subscription(s). Then try logging out and logging in again in the shop.