When a customer is logged in, the LoyaltyLion SDK needs to authenticate them in order to display their information (points, rewards) and allow them to perform actions like earning points and claiming rewards.
Customer authentication is performed automatically on Shopify, BigCommerce and Magento.
Authentication in LoyaltyLion leverages your existing customer accounts so a customer doesn’t need to sign in twice or have a separate account with LoyaltyLion.
It works by generating a secure server-side auth token (MAC) which is passed through to LoyaltyLion on the next page load. LoyaltyLion verifies the auth token and, if it is valid, considers the customer authenticated.
Creating the auth token
The auth token is a SHA-1 hash of the following concatenated items, in order:
- the customer’s unique
- the current date, as an
- the customer’s email address
- your LoyaltyLion secret
This auth token must be generated server-side, i.e. in your template. Your LoyaltyLion secret should never be exposed. The generated token can then be sent to the client and used in a call to lion.authenticateCustomer to authenticate the customer.
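```ruby
require 'date'
require 'digest'

# ISO 8601 timestamp for the current date
date = DateTime.now.iso8601
secret = 'YOUR_SECRET'

# SHA-1 over ID + date + email + secret, in that order
auth_token = Digest::SHA1.hexdigest(
  current_user.id.to_s + date + current_user.email + secret
)
```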
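The following added example (not LoyaltyLion's code) builds the token as described above and sketches what verifying it on the receiving side involves: recomputing the hash from the claimed fields and comparing without an early exit. The `valid_token?` and `secure_equal?` helpers, the 300-second freshness window and the sample customer are assumptions made for illustration.

```ruby
require 'digest'
require 'time'

# Placeholder secret and constructed sample values, not real credentials.
SECRET = 'YOUR_SECRET'
# Assumed freshness window; not a documented LoyaltyLion value.
MAX_AGE_SECONDS = 300

# Token as the page defines it: SHA-1 over id + date + email + secret.
def auth_token(id, date, email, secret)
  Digest::SHA1.hexdigest(id.to_s + date + email + secret)
end

# Compare two strings without returning early on the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical receiving-side check: recompute the token from the claimed
# fields, compare it, then reject timestamps outside the assumed window.
def valid_token?(id, date, email, token, secret, now: Time.now)
  expected = auth_token(id, date, email, secret)
  return false unless secure_equal?(expected, token.to_s)
  (now - Time.iso8601(date)).abs <= MAX_AGE_SECONDS
rescue ArgumentError, TypeError
  # Malformed or missing fields never authenticate.
  false
end

# Constructed sample customer and timestamp.
ISSUED_AT = '2024-01-15T10:00:00+00:00'
SAMPLE_TOKEN = auth_token(42, ISSUED_AT, 'jane@example.com', SECRET)
```

Because the email and ID are inputs to the hash, a token issued for one customer does not validate for another, which is why the secret must stay on the server.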