Skip to main content

Publisher Integration with SSO Providers

If you integrate with one or more SSO providers to offer SSO login, you might be able to retrieve the logged-in user's email address from the SSO provider to generate UID2 tokens.

This guide provides technical information about how to do this, for publisher integrations with several popular SSO providers.

important

You are responsible for ensuring that your use of email addresses to create UID2s is consistent with your UID2 agreement, your company’s privacy policy, and any other platform or third-party terms to which your company is subject.

High-Level Steps

To integrate with a single sign-on solution, the general steps are as follows:

  1. Get an identity token from the SSO provider.

  2. Extract the user's email address from the identity token.

  3. Pass the user's email address to the UID2 publisher integration of your choice.

note

To find out whether you have to apply normalization and encoding to the email address, or the integration does it for you, check the documentation for your UID2 publisher integration.

Sign in with Google

The following options are available for implementing Sign in with Google:

Sign in with Google for Android

Follow the instructions in Create the Sign in with Google flow. Once the token has been validated, you can retrieve the email address by using the getEmail() method of the identity token payload.

Sign in with Google for iOS and macOS

To get an email address from Sign in with Google on iOS or macOS, retrieve it from the GIDGoogleUser object. For details, see Getting profile information.

Sign in with Google for Web

Follow the instructions to verify the Google ID token on your server side, and then retrieve the user's email address from the email field of the ID token.

Facebook Login

There are two ways to integrate Facebook Login with UID2: with an OpenID Connect (OIDC) token or without.

Facebook Login Using an OIDC Token on iOS

To get an email address from Facebook Login using an OIDC token on iOS:

  1. Implement Facebook Login (for details, see Use Facebook Login in Your iOS App) and request the email permission.

  2. Extract the user's email address from the OIDC authentication token: for example, by using the Profile helper class. For details, see OIDC Tokens in Facebook Login for iOS.

Facebook Login Without an OIDC Token

To get an email address from Facebook Login without using an OIDC token:

  1. Request a user access token, specifying the email permission.

  2. If the user has granted the email permission, make a Graph API call to the /me endpoint, using the user access token, and specify email as one of the fields.

Sample Applications

The following applications demonstrate how to integrate with Facebook Login:

Sign In with Apple

The instructions for signing in with Apple are different for apps and websites.

Sign In with Apple in an App

Request authorization, making sure to request the email scope. For details, see Request Authorization with Apple ID.

If authentication succeeds, retrieve the user's email address from the email property of the ASAuthorizationAppleIDCredential object.

Sign In with Apple JS on a Webpage

Refer to the section Handle the Authorization Response of the page Configure your webpage for Sign in with Apple.

Sign In with OpenPass

To get an email address from an OpenPass integration:

  1. Use the OpenPass API or one of the OpenPass SDKs to get an identity token.

  2. Extract the user's email address from the email claim of the identity token. For details, see OpenPass Authentication Tokens.