How build a Jumpseller App
A Jumpseller App is an application that interacts with one or more online stores that use Jumpseller. The App can be loaded through an iframe insid...
Multipass
On this page
“Multipass - Involving, employing, or related to repeated passages through or over something; operating repeatedly in successive passes.” in oxford dictionary - lexico
The Multipass authentication strategy available with your Jumpseller store allows you to connect customers from another website you own with your online store in Jumpseller, through an easy-to-use system.
Using the secret key that Jumpseller provides in your administration area, you can encrypt customer data in other websites and allow them a simple connection without additional authentication steps that interfere with the good quality of user experience.
Multipass at Jumpseller also allows you the same functionality between two Jumpseller stores in a convenient and native way, as long as you identify which secret key to use.
To use the Multipass functionality in your Jumpseller store, you need to have one of two options active in the Customers section: Optional or Mandatory.
1. Using Multipass between 2 Jumpseller stores
If you only wish to direct and authenticate users from one store to another, then you only need to do this configuration on one of the stores. If you wish to allow both stores to use Multipass between them then you will have to do these steps on both stores.
If you have registered clients on your X store and want those clients to be able to access content only accessible for registered clients on your Y store without going through the hassle of doing ‘Sign up’ all over again, then you can use Multipass access.
The first time your clients use Multipass they will be registered on the target store and authenticated. From then onwards they will only be authenticated.
You will need to provide to your X store the secret key that will allow it to encrypt the data exchanged between stores and allow for the targeted store (Y store in this case) to decrypt that exchanged data, register the client and allow access to the restricted content. Without the secret key authentication will fail.
To allow your X store to properly encrypt customer data you have to log in to your Jumpseller store and go to Settings > General.
On the Multipass box you can find the secret key used for Multipass.
Copy the secret key from the Y store.
Apply this secret key in the first store, in your store’s administration area, on Settings > General, in the Multipass form.
From there you can use Multipass in your store’s theme code editor, using the multipass_token variable.
{% if multipass_token != blank %}
<a href="https://yourstore/customer/multipass/{{ multipass_token }}">Link</a>
{% endif %}
The multipass_token variable is only functional for logged-in users.
2. Using Multipass between an application/website outside Jumpseller and the Jumpseller store
Maybe you have another website or application in which you have an already established user base and wish to connect them to your Jumpseller store, registering them with just the click of a link.
E.g. Your user “A” is logged in on your website and sees a link/button to buy some merchandise from your Jumpseller Store which has a restricted access to registered users. You can generate the link with the user data encrypted on it so that when the user clicks on it he will be redirected and registered with no additional steps required.
So how can this be done?
Search for the secret key in your Jumpseller store administration area. Go Settings > General and copy the multipass token that is available.
The multipass token will be used as a secret key for encrypting the data for Multipass login.
Encrypt the data using AES 256-cbc. Below you can find an example of how to do it in Ruby. For NodeJS you can find some documentation for the crypto module here.
require ‘base64’
key = OpenSSL::Digest.new('sha256').digest(secret_key)
# add your customer's email and optionally add the product page where to redirect your customer after authentication
payload = { email: <customer email>, redirect: http://<your store>/<your product> }
cipher = OpenSSL::Cipher.new('aes-256-cbc')
cipher.encrypt
cipher.key = key
cipher.iv = iv = cipher.random_iv
# encrypt the data
ciphertext = iv + cipher.update(payload) + cipher.final
# encode the token to be used in the URL
Base64.urlsafe_encode64(ciphertext)
Once the final token is obtained, add it to the link http://storename/customer/multipass/token.
Redirect your user to the link created.
If the user’s email is already registered as a customer of your store he will be authenticated without additional steps. If you are not already registered, then a new account will be created.
After authentication, the user will be redirected to the homepage of their Jumpseller store or, if they have filled in the redirect field in the data to be encrypted, to the specified product page.
If you need more help, write to our support