
Sign in with Hey.Café

We want to make things easy, and that's why we are working on many ways to connect to an account and provide easy login. To that end, we have added the ability to let users log in to your service using a Hey.Café account.

Sign in with button

This helper script generates a "Sign in with" button where it's placed and automatically encodes the information you provide for the request. It uses the current URL if you have the url variable set to false. The source is not minified and can easily be read or copied.

<script src='https://hey.cafe/application/external/sign_in_with.js' publisher='NodeHost' reason='Account login and access' url='false'></script>

Making the request

This part is easy: send the person to this URL structure. You need to replace PUBLISHER, REASON and SENDBACK with your own data; all 3 values must be base64 encoded so that they are URL safe. You can easily do this in most languages, or pre-make the URL values using an online encoder like https://www.base64encode.org.

URL

https://hey.cafe/request/login/PUBLISHER/REASON/SENDBACK

Data you need to provide

PUBLISHER - is your application or website name.

REASON - is a simple message that says why the session is needed, like “For quick and easy login”.

SENDBACK - is a URL to send the user to when done. We append ?loginkey=KEY to your URL when sending them back (if you are already using URL variables we change it accordingly). You need this key to validate the account and to get basic account info when done.

Checking the access and getting user data

Now that the user is back on your site, you can validate the login token sent back in ?loginkey=KEY, which should look something like LOG-AHGLZ7VS-M0NV2T5O-PW0MMU2Z-0DOJ, by calling the following URL. If the key is not valid, system_api_error will have the value notvalid.

URL

https://endpoint.hey.cafe/api/account_loginkey?query=LOG-AHGLZ7VS-M0NV2T5O-PW0MMU2Z-0DOJ

Response

{
    "system_api_endpoint": "endpoint-002.hey.cafe",
    "system_api_timestamp": "20220326223519",
    "system_api_error": false,
    "response_data": {
        "id": "zy56n1u2xika49024vmi2xegp",
        "alias": "anthony",
        "name": "Anthony Lee",
        "bio": "Developer on large scale web servers and applications like @nodehost and now @hey! Always ready to help any way that I can. Built the old social network #twii back in the day.",
        "avatar": "https:\/\/cdn.hey.cafe\/file\/HeyCafe\/2021-09\/20210908205031-hs88k4xmyk.png",
        "header": "https:\/\/cdn.hey.cafe\/file\/HeyCafe\/2021-11\/20211101092717-izyn76e943.jpg",
        "seen": "20220326223420",
        "active": "20220326223219",
        "hidden": "0",
        "invisible": "0",
        "verified": "1",
        "pro": "1",
        "admin": "1",
        "moderator": "0",
        "language": "en",
        "colour": "false"
    }
}

What to keep and store

The user can change all details on Hey.Café except the account id. This will always be the same, and it is the value you should store for the linked account. The best way is, once the user is sent back, to store the login key provided in the URL variable loginkey and call the API endpoint to validate the key and get the user ID. You don’t need to store the key, as the user data can be updated on the fly using the API call https://endpoint.hey.cafe/api/account_info?query=zy56n1u2xika49024vmi2xegp to auto update things like the account avatar photo and more.

Keep in mind you may need to store the loginkey, as later on we will be adding ways to interact with the user by sending them emails or even notifications via our service.

The key expires on each login

Since the key is provided in a URL, an intercepted key can be used to see the account info via the Hey.Café API call /api/account_info. This is why on each login request the old key is removed and a new key is created. We may not always ask the user to accept the login again, but the key will change each time, so if you need it, use the new key on each login.

This key is linked to your PROVIDER and the SENDBACK value, so make sure you keep these the same each time; otherwise the user will see a buildup of sessions in settings for your service.
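A server-side sketch of the callback handling described above, added here as an example and not part of Hey.Café's own code: it validates the returned loginkey against the account_loginkey endpoint, fails closed on anything other than system_api_error being false, and returns only the stable account id. The key-shape regex, the function names, the app.example callback URL and the strip_loginkey redirect helper (which removes the key from the address bar after validation) are assumptions made for illustration.

```python
import json
import re
import urllib.parse as up
import urllib.request

API = "https://endpoint.hey.cafe/api/account_loginkey"  # endpoint from this page
# Assumption: key shape inferred from the one sample key shown on this page.
KEY_RE = re.compile(r"LOG(-[A-Z0-9]{1,16}){1,8}")

def http_get_json(url):
    """Default fetcher: HTTPS GET with a timeout, body parsed as JSON."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)

def account_id_from_callback(callback_url, fetch=http_get_json):
    """Return the stable account id for a SENDBACK callback URL, or None."""
    keys = up.parse_qs(up.urlsplit(callback_url).query).get("loginkey", [])
    # Reject missing, duplicated or oddly shaped keys before any API call.
    if len(keys) != 1 or not KEY_RE.fullmatch(keys[0]):
        return None
    try:
        body = fetch(API + "?" + up.urlencode({"query": keys[0]}))
    except (OSError, ValueError):
        return None  # network or JSON failure: fail closed
    # Only a literal JSON false means valid; "notvalid" or anything else fails.
    if not isinstance(body, dict) or body.get("system_api_error") is not False:
        return None
    data = body.get("response_data")
    account_id = data.get("id") if isinstance(data, dict) else None
    # Link your local account to the id only; alias, name, avatar can change.
    return account_id if isinstance(account_id, str) and account_id else None

def strip_loginkey(callback_url):
    """URL to redirect to after validation, with the key removed."""
    parts = up.urlsplit(callback_url)
    pairs = up.parse_qsl(parts.query, keep_blank_values=True)
    kept = [(k, v) for k, v in pairs if k != "loginkey"]
    return up.urlunsplit(parts._replace(query=up.urlencode(kept)))

if __name__ == "__main__":
    # Constructed callback URL and stubbed API reply, so this runs offline.
    cb = "https://app.example/done?next=%2Fhome&loginkey=LOG-AHGLZ7VS-M0NV2T5O-PW0MMU2Z-0DOJ"
    reply = {"system_api_error": False, "response_data": {"id": "zy56n1u2xika49024vmi2xegp"}}
    print(account_id_from_callback(cb, fetch=lambda url: reply))
    print(account_id_from_callback(cb, fetch=lambda url: {"system_api_error": "notvalid"}))
    print(strip_loginkey(cb))
```

Because the key changes on every login, run the validation on each callback and redirect to the stripped URL before rendering any page.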