Skip to main content

Authentication

Introduction

The Authentication module exposes features for managing authentication.

For Embedded or Hybrid step-up flows, the SDK exposes two pairs of methods: use send2faChallenge and submit2faAttempt on AuthenticationService during authentication (before or without a logged-in customer session—these requests are authorized with the configuration token from Wallet.configure). After the user is logged in and the wallet uses the customer access token for API calls, use sendScaChallenge and submitScaAttempt on StrongCustomerAuthenticationService instead; that is the pattern in the Trusted Entities examples.

Authentication Service

The AuthenticationService can be used for managing authentication related operations.

Get Authentication Details

Retrieves the authentication details, which include the url that is used to start the Authorization code flow. This is the Authorization Endpoint, used as part of the Authorization Code Grant, with the PKCE extension. This endpoint allows clients (partners) to securely authenticate their users into the Paysafe infrastructure by generating an authorization code, which can then be exchanged for a user access token. For an enhanced security all clients must use the PKCE extension with the SHA-256 code challenge method.

import { Wallet } from '@paysafe/paysafe-wallet-saas-web/wallet';
import {
  AuthenticationDetails,
  CodeChallengeMethod,
  LoginStrategy
} from "@paysafe/paysafe-wallet-saas-web/authentication";

const brandIdentity = 'brand-identity';
const parameters = {
  client_id: 'f4db4e70-23fc-49b5-9c16-8792afa45b12',
  code_challenge: 'fnA81erDlIx65spDQ881PwGJkabRAcb2Z1aMUrys721',
  code_challenge_method: CodeChallengeMethod.S256,
  digital_fingerprint: '19e0abfb-590a-4f1f-af9e-bdf48473a123',
  state: 'Utwe',
  reset_credentials_url: 'https://www.paysafe.com/reset-credentials',
  redirect_uri: 'http://www.partner.com/wallet/dashboard',
  locale: 'en-US',
  login_hint: 'testuser@paysafe.com',
  login_strategy: LoginStrategy.PIN
};

const authenticationDetails: AuthenticationDetails = Wallet.getInstance().getAuthenticationService().getAuthenticationDetails(brandIdentity, parameters);
window.location.href = authenticationDetails.authenticationUrl;

Send 2FA Challenge

Sends a challenge via a secure communication mechanism as part of the ongoing Embedded or Hybrid 2FA process.

import { Wallet } from '@paysafe/paysafe-wallet-saas-web/wallet';
import {
  ScaAuthenticationEventAttemptVerificationChannel,
  ScaAuthenticationEventAttemptVerificationMethod,
  ScaAuthenticationEventChallengeEmbeddedHybridRequest
} from "@paysafe/paysafe-wallet-saas-web/common";

// Obtain eventId and walletOperationId from the operation that requires 2FA
const eventId = 'c9fceaf7-2cf8-4092-af70-6ddbe1d4d8c1'
const scaChallengeRequest: ScaAuthenticationEventChallengeEmbeddedHybridRequest = {
    walletOperationId: 'EklfNtWJ8H61aS7rX9VpTfwfcaufAQwAVMu7rtmM97M=',
    verification: {
        method: ScaAuthenticationEventAttemptVerificationMethod.OTP,
        channel: ScaAuthenticationEventAttemptVerificationChannel.SMS
    }
}

Wallet.getInstance().getAuthenticationService().send2faChallenge(eventId, scaChallengeRequest)
    .then(response => console.log('Send 2FA challenge', response))
    .catch(error => console.error('Error sending 2FA challenge', error));

Submit 2FA Attempt

Submits an Embedded or Hybrid authentication attempt for a 2FA event.

import { Wallet } from '@paysafe/paysafe-wallet-saas-web/wallet';
import {
  ScaAuthenticationEventAttemptVerificationChannel,
  ScaAuthenticationEventAttemptVerificationMethod,
  ScaAuthenticationEventAttemptEmbeddedHybridRequest
} from "@paysafe/paysafe-wallet-saas-web/common";

const eventId = 'c9fceaf7-2cf8-4092-af70-6ddbe1d4d8c1'
const scaAttemptRequest: ScaAuthenticationEventAttemptEmbeddedHybridRequest = {
    walletOperationId: 'EklfNtWJ8H61aS7rX9VpTfwfcaufAQwAVMu7rtmM97M=',
    verification: {
        method: ScaAuthenticationEventAttemptVerificationMethod.OTP,
        channel: ScaAuthenticationEventAttemptVerificationChannel.SMS
    },
    value: '123456'
}

Wallet.getInstance().getAuthenticationService().submit2faAttempt(eventId, scaAttemptRequest)
    .then(response => console.log('Submit 2FA attempt', response))
    .catch(error => console.error('Error submitting 2FA attempt', error));

Strong Customer Authentication Service

The StrongCustomerAuthenticationService exposes SCA operations for Embedded or Hybrid flows.

Send SCA Challenge

Sends an SCA challenge via a secure communication mechanism as part of the ongoing Embedded or Hybrid SCA process.

import { Wallet } from '@paysafe/paysafe-wallet-saas-web/wallet';
import {
  ScaAuthenticationEventAttemptVerificationChannel,
  ScaAuthenticationEventAttemptVerificationMethod,
  ScaAuthenticationEventChallengeEmbeddedHybridRequest
} from "@paysafe/paysafe-wallet-saas-web/common";

// Obtain eventId and walletOperationId from the operation that requires SCA
const eventId = 'c9fceaf7-2cf8-4092-af70-6ddbe1d4d8c1'
const scaChallengeRequest: ScaAuthenticationEventChallengeEmbeddedHybridRequest = {
    walletOperationId: 'EklfNtWJ8H61aS7rX9VpTfwfcaufAQwAVMu7rtmM97M=',
    verification: {
        method: ScaAuthenticationEventAttemptVerificationMethod.OTP,
        channel: ScaAuthenticationEventAttemptVerificationChannel.SMS
    }
}

Wallet.getInstance().getStrongCustomerAuthenticationService().sendScaChallenge(eventId, scaChallengeRequest)
    .then(response => console.log('Send SCA challenge', response))
    .catch(error => console.error('Error sending SCA challenge', error));

Submit SCA Attempt

Submits an Embedded or Hybrid authentication attempt for a Strong Customer Authentication (SCA) event.

import { Wallet } from '@paysafe/paysafe-wallet-saas-web/wallet';
import {
  ScaAuthenticationEventAttemptVerificationChannel,
  ScaAuthenticationEventAttemptVerificationMethod,
  ScaAuthenticationEventAttemptEmbeddedHybridRequest
} from "@paysafe/paysafe-wallet-saas-web/common";

const eventId = 'c9fceaf7-2cf8-4092-af70-6ddbe1d4d8c1'
const scaAttemptRequest: ScaAuthenticationEventAttemptEmbeddedHybridRequest = {
    walletOperationId: 'EklfNtWJ8H61aS7rX9VpTfwfcaufAQwAVMu7rtmM97M=',
    verification: {
        method: ScaAuthenticationEventAttemptVerificationMethod.OTP,
        channel: ScaAuthenticationEventAttemptVerificationChannel.SMS
    },
    value: '123456'
}

Wallet.getInstance().getStrongCustomerAuthenticationService().submitScaAttempt(eventId, scaAttemptRequest)
    .then(response => console.log('Submit SCA attempt', response))
    .catch(error => console.error('Error submitting SCA attempt', error));