{"__v":26,"_id":"56053e9df6b86e0d00284ad1","category":{"__v":31,"_id":"55ffceca0e2b090d008633b2","pages":["55ffcedffeaf310d007dd6d6","55ffd0879e7ccf0d000a1e09","55ffddd1feaf310d007dd6e8","55ffdee4feaf310d007dd6ea","55ffe2336932a00d00ba7abf","55ffeb898c0c9d0d00dcacd0","55fff74c6932a00d00ba7b0c","55fff9df0c703d1900952fe1","55fffecb6932a00d00ba7b1b","55ffffd49e7ccf0d000a1e49","560001159e7ccf0d000a1e4d","560004126932a00d00ba7b2a","560006ef0c703d1900952ffc","560009fa8c0c9d0d00dcad0d","5601137f9137690d00335697","560120f34ea1b40d003bf1a4","5601221bf01fb90d00d4bf7e","5601274781a9670d006d1514","5601292881a9670d006d1516","56012ab3f01fb90d00d4bf88","56012c754ea1b40d003bf1b9","56012d824ea1b40d003bf1c0","56053e9df6b86e0d00284ad1","560541907c8e580d0001afe8","56123c063cf4bc0d00554e37","561264c70157131900b45863","561272d60157131900b45870","5612796d09bdc51700696fdf","56138c7a6fd7042b008f0187","5613a63d46c35f3500773c06","5613a79a44d6662b0071f5d9"],"project":"55edea207145f717001ac12c","version":"55edea207145f717001ac12f","sync":{"url":"","isSync":false},"reference":false,"createdAt":"2015-09-21T09:32:58.200Z","from_sync":false,"order":0,"slug":"sdk","title":"SDK"},"project":"55edea207145f717001ac12c","user":"55ede9ed1452cd0d009e5e6b","version":{"__v":11,"_id":"55edea207145f717001ac12f","project":"55edea207145f717001ac12c","createdAt":"2015-09-07T19:48:48.670Z","releaseDate":"2015-09-07T19:48:48.670Z","categories":["55edea217145f717001ac130","55ffa8038c0c9d0d00dcac72","55ffbaa48c0c9d0d00dcac88","55ffbd3e8c0c9d0d00dcac8b","55ffbee40e2b090d00863393","55ffc4306932a00d00ba7a85","55ffc66bfeaf310d007dd6c8","55ffc9c2feaf310d007dd6d1","55ffceca0e2b090d008633b2","560111b06811d00d00ceb34e","560262e74f15002100ee4445"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"updates":[],"next":{"pages":[],"description":""},"createdAt":"2015-09-25T12:31:25.882Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":28,"body":"Rublon protects users during their signing in processes. Even if a someone lears the user's password with malicious intent, such a person would be unable to log in to the user's account, because a physical access to the Rublon mobile app (installed in the user's smartphone) or to his email account is needed.\n[block:callout]\n{\n  \"type\": \"info\",\n  \"body\": \"Developer can force users to authenticate using the mobile app (to avoid the Email2FA process) and/or ignore the Trusted Devices, which can increase the security. These features available only to systems integrated within the *Business plan*. [Check the pricing](https://developers.rublon.com/98/Pricing)\"\n}\n[/block]\nAuthenticating a user with the second factor should be initiated when the user has successfully passed the first factor of authentication (e.g. the valid user credentials have been provided) and the user's unique Id and email address are known.\n\n[block:html]\n{\n  \"html\": \"<div>\\n  <!-- Nav tabs -->\\n  <ul class=\\\"nav nav-tabs langnav\\\" role=\\\"tablist\\\">\\n    <li role=\\\"presentation\\\" class=\\\"active\\\"><a href=\\\"#php\\\" aria-controls=\\\"php\\\" role=\\\"tab\\\" data-toggle=\\\"tab\\\">PHP</a></li>\\n    <li role=\\\"presentation\\\"><a href=\\\"#net\\\" aria-controls=\\\"net\\\" role=\\\"tab\\\" data-toggle=\\\"tab\\\">.NET</a></li>\\n    <li role=\\\"presentation\\\"><a href=\\\"#java\\\" aria-controls=\\\"java\\\" role=\\\"tab\\\" data-toggle=\\\"tab\\\">Java</a></li>\\n    <li role=\\\"presentation\\\"><a href=\\\"#python\\\" aria-controls=\\\"python\\\" role=\\\"tab\\\" data-toggle=\\\"tab\\\">Python</a></li>\\n  </ul>\\n\\n  <!-- Tab panes -->\\n  <div class=\\\"tab-content\\\">\\n    <div role=\\\"tabpanel\\\" class=\\\"tab-pane active\\\" id=\\\"php\\\">\\n    \\t<br/>\\n      <p>The Rublon2Factor::auth() method will check the user's protection status (using the email address) and return a URL address for the web browser to be redirected to (if user protection is active) or NULL in case the user's protection is not active.\\n      </p>\\n<table>\\n\\t<caption><code>Rublon2Factor::auth()</code> method arguments</caption>\\n\\t<thead><tr>\\n\\t\\t<th>Name</th>\\n\\t\\t<th>Type</th>\\n\\t\\t<th>Description</th>\\n\\t</tr></thead>\\n\\t<tbody>\\n\\t\\t<tr><td><code>$callbackUrl</code></td><td>string</td><td>The integrated system's callback URL</td></tr>\\n\\t\\t<tr><td><code>$userId</code></td><td>string</td><td>The integrated system's user's unique Id which will allow to log in the user upon successful authentication</td></tr>\\n\\t\\t<tr><td><code>$userEmail</code></td><td>string</td><td>The user's email address in the integrated system which will allow to check the user's protection status and match the user to a Rublon account</td></tr>\\n\\t\\t<tr><td><code>$consumerParams</code></td><td>array</td><td>Additional transaction parameters (optional)</td></tr>    \\n\\t</tbody>\\n</table>  \\n<h3 id=\\\"example\\\">Example PHP code</h3>\\n<p>An example of logging in a user on an integrated system:</p>\\n<!-- ngSwitchWhen: textarea --><!-- TODO: Make this generic using 'default' --><!-- ngSwitchWhen: api-header --><!-- ngSwitchWhen: code --><div class=\\\"ng-scope\\\" ng-switch-when=\\\"code\\\"><div type=\\\"section.type\\\" ng-model=\\\"section.data\\\" class=\\\"block-code block-show-code ng-isolate-scope ng-pristine ng-valid\\\">\\n  <div class=\\\"code-tabs ng-hide\\\" ng-show=\\\"data.codes.length > 1 || (data.codes.length == 1 &amp;&amp; data.codes[0].status)\\\">\\n    <!-- ngRepeat: tab in data.codes track by $id($index) --><div class=\\\"ng-scope tab on\\\" ng-class=\\\"{tab: true, on:$index==current, off:$index!=current}\\\" ng-repeat=\\\"tab in data.codes track by $id($index)\\\">\\n      <a href=\\\"\\\" ng-click=\\\"choose($index)\\\">\\n        <!-- ngIf: tab.status -->\\n        <!-- ngIf: !tab.status --><span class=\\\"ng-scope ng-binding\\\" ng-if=\\\"!tab.status\\\">\\n          PHP\\n        </span><!-- end ngIf: !tab.status -->\\n      </a><span class=\\\"ng-hide\\\" ng-hide=\\\"$last\\\">·</span>\\n    </div><!-- end ngRepeat: tab in data.codes track by $id($index) -->\\n  </div>\\n\\n  <!-- ngRepeat: tab in data.codes track by $id($index) --><div class=\\\"ng-scope\\\" ng-repeat=\\\"tab in data.codes track by $id($index)\\\" ng-show=\\\"$index==current\\\">\\n  <pre class=\\\"cm-s-neo\\\" data-mode=\\\"php\\\"><span class=\\\"cm-meta\\\">&lt;?</span>\\n<span class=\\\"cm-comment\\\">/**</span>\\n <span class=\\\"cm-comment\\\">* An example method used to log the user in (integrated system's method)</span>\\n <span class=\\\"cm-comment\\\">*/</span>\\n<span class=\\\"cm-keyword\\\">function</span> <span class=\\\"cm-def\\\">login</span>(<span class=\\\"cm-variable-2\\\">$login</span>, <span class=\\\"cm-variable-2\\\">$password</span>) {\\n  <span class=\\\"cm-keyword\\\">if</span> (<span class=\\\"cm-variable\\\">loginPreListener</span>()) {\\n    <span class=\\\"cm-keyword\\\">if</span> (<span class=\\\"cm-variable-2\\\">$user</span> <span class=\\\"cm-operator\\\">=</span> <span class=\\\"cm-variable\\\">authenticate</span>(<span class=\\\"cm-variable-2\\\">$login</span>, <span class=\\\"cm-variable-2\\\">$password</span>)) {\\n      <span class=\\\"cm-comment\\\">// The user has been authenticated.</span>\\n      <span class=\\\"cm-variable-2\\\">$_SESSION</span>[<span class=\\\"cm-string\\\">\\\"</span><span class=\\\"cm-string\\\">user\\\"</span>] <span class=\\\"cm-operator\\\">=</span> <span class=\\\"cm-variable-2\\\">$user</span>;\\n      <span class=\\\"cm-variable\\\">loginPostListener</span>();\\n    }\\n  }\\n}\\n\\n<span class=\\\"cm-comment\\\">/**</span>\\n <span class=\\\"cm-comment\\\">* Listener (hook) invoked after a successful first factor user authentication,</span>\\n <span class=\\\"cm-comment\\\">* implemented for Rublon integration purposes.</span>\\n <span class=\\\"cm-comment\\\">*/</span>\\n<span class=\\\"cm-keyword\\\">function</span> <span class=\\\"cm-def\\\">loginPostListener</span>() {\\n  <span class=\\\"cm-variable-2\\\">$rublon</span> <span class=\\\"cm-operator\\\">=</span> <span class=\\\"cm-keyword\\\">new</span> <span class=\\\"cm-variable\\\">Rublon2Factor</span>(<span class=\\\"cm-string\\\">\\\"</span><span class=\\\"cm-string\\\">your_system_token\\\"</span>, <span class=\\\"cm-string\\\">\\\"</span><span class=\\\"cm-string\\\">your_access_key\\\"</span>);\\n  <span class=\\\"cm-keyword\\\">try</span> { <span class=\\\"cm-comment\\\">// Initiate a Rublon authentication transaction</span>\\n    <span class=\\\"cm-variable-2\\\">$url</span> <span class=\\\"cm-operator\\\">=</span> <span class=\\\"cm-variable-2\\\">$rublon</span><span class=\\\"cm-operator\\\">-&gt;</span><span class=\\\"cm-variable\\\">auth</span>(\\n      <span class=\\\"cm-variable-2\\\">$callbackUrl</span> <span class=\\\"cm-operator\\\">=</span> <span class=\\\"cm-string\\\">\\\"</span><span class=\\\"cm-string\\\">http://example.com/rublon_callback.php\\\"</span>,\\n      <span class=\\\"cm-variable-2\\\">$_SESSION</span>[<span class=\\\"cm-string\\\">\\\"</span><span class=\\\"cm-string\\\">user\\\"</span>][<span class=\\\"cm-string\\\">\\\"</span><span class=\\\"cm-string\\\">id\\\"</span>], <span class=\\\"cm-comment\\\">// User Id</span>\\n      <span class=\\\"cm-variable-2\\\">$_SESSION</span>[<span class=\\\"cm-string\\\">\\\"</span><span class=\\\"cm-string\\\">user\\\"</span>][<span class=\\\"cm-string\\\">\\\"</span><span class=\\\"cm-string\\\">email\\\"</span>] <span class=\\\"cm-comment\\\">// User email</span>\\n    );\\n    <span class=\\\"cm-keyword\\\">if</span> (<span class=\\\"cm-operator\\\">!</span><span class=\\\"cm-keyword\\\">empty</span>(<span class=\\\"cm-variable-2\\\">$url</span>)) { <span class=\\\"cm-comment\\\">// User protection is active</span>\\n      <span class=\\\"cm-comment\\\">// Log the user out before checking the second factor:</span>\\n      <span class=\\\"cm-keyword\\\">unset</span>(<span class=\\\"cm-variable-2\\\">$_SESSION</span>[<span class=\\\"cm-string\\\">\\\"</span><span class=\\\"cm-string\\\">user\\\"</span>]);\\n      <span class=\\\"cm-comment\\\">// Redirect the user's web browser to Rublon servers</span>\\n      <span class=\\\"cm-comment\\\">// to verify the protection:</span>\\n      <span class=\\\"cm-builtin\\\">header</span>(<span class=\\\"cm-string\\\">'Location: '</span> . <span class=\\\"cm-variable-2\\\">$url</span>);\\n    }\\n  } <span class=\\\"cm-keyword\\\">catch</span> (<span class=\\\"cm-variable\\\">RublonException</span> <span class=\\\"cm-variable-2\\\">$e</span>) {\\n    <span class=\\\"cm-comment\\\">// An error occurred</span>\\n    <span class=\\\"cm-keyword\\\">unset</span>(<span class=\\\"cm-variable-2\\\">$_SESSION</span>[<span class=\\\"cm-string\\\">\\\"</span><span class=\\\"cm-string\\\">user\\\"</span>]);\\n    <span class=\\\"cm-keyword\\\">die</span>(<span class=\\\"cm-string\\\">\\\"</span><span class=\\\"cm-string\\\">There was an error, please try again later.\\\"</span>);\\n  }\\n  \\n  <span class=\\\"cm-comment\\\">/* If we're here, the user's account is not protected by Rublon.</span>\\n  <span class=\\\"cm-comment\\\">The user can be authenticated. */</span>\\n  <span class=\\\"cm-keyword\\\">return</span> <span class=\\\"cm-atom\\\">true</span>;\\n}</pre>\\n</div><!-- end ngRepeat: tab in data.codes track by $id($index) -->\\n</div></div><!-- ngSwitchWhen: image --><!-- ngSwitchWhen: embed --><!-- ngSwitchWhen: callout --><!-- ngSwitchWhen: parameters --><!-- ngSwitchWhen: html -->\\n<p>If the user's account is protected by Rublon, calling the Rublon2Factor::auth() method will return a URL address pointing to Rublon servers, which the user's browser should redirect to in order to verify a Trusted Device, display a QR code to be scanned by the Rublon mobile app or verify identity by clicking a confirmation link which has been sent to the user's email address.</p>\\n    </div>\\n    <div role=\\\"tabpanel\\\" class=\\\"tab-pane\\\" id=\\\"net\\\">\\n    \\n    \\t<br/>\\n      <p>The Rublon2Factor.Authorize() method will check the user's protection status (using the email address) and return a URL address for the web browser to be redirected to (if user protection is active) or <code>null</code> in case the user's protection is not active.\\n      </p>\\n<table>\\n\\t<caption><code>Rublon2Factor.Authorize()</code> method arguments</caption>\\n\\t<thead><tr>\\n\\t\\t<th>Name</th>\\n\\t\\t<th>Type</th>\\n\\t\\t<th>Description</th>\\n\\t</tr></thead>\\n\\t<tbody>\\n\\t\\t<tr><td><code>callbackUrl</code></td><td>string</td><td>The integrated system's callback URL</td></tr>\\n\\t\\t<tr><td><code>userId</code></td><td>string</td><td>The integrated system's user's unique Id which will allow to log in the user upon successful authentication</td></tr>\\n\\t\\t<tr><td><code>userEmail</code></td><td>string</td><td>The user's email address in the integrated system which will allow to check the user's protection status and match the user to a Rublon account</td></tr>\\n\\t\\t<tr><td><code>consumerParams</code></td><td>JObject\\n</td><td>Additional transaction parameters (optional)</td></tr>    \\n\\t</tbody>\\n</table>  \\n<h3>Example .NET code</h3>\\n<p>An example of logging in a user on an integrated system:</p>      \\n<!-- ngSwitchWhen: textarea --><!-- TODO: Make this generic using 'default' --><!-- ngSwitchWhen: api-header --><!-- ngSwitchWhen: code --><div class=\\\"ng-scope\\\" ng-switch-when=\\\"code\\\"><div type=\\\"section.type\\\" ng-model=\\\"section.data\\\" class=\\\"block-code block-show-code ng-isolate-scope ng-pristine ng-valid\\\">\\n  <div class=\\\"code-tabs ng-hide\\\" ng-show=\\\"data.codes.length > 1 || (data.codes.length == 1 &amp;&amp; data.codes[0].status)\\\">\\n    <!-- ngRepeat: tab in data.codes track by $id($index) --><div class=\\\"ng-scope tab on\\\" ng-class=\\\"{tab: true, on:$index==current, off:$index!=current}\\\" ng-repeat=\\\"tab in data.codes track by $id($index)\\\">\\n      <a href=\\\"\\\" ng-click=\\\"choose($index)\\\">\\n        <!-- ngIf: tab.status -->\\n        <!-- ngIf: !tab.status --><span class=\\\"ng-scope ng-binding\\\" ng-if=\\\"!tab.status\\\">\\n          C#\\n        </span><!-- end ngIf: !tab.status -->\\n      </a><span class=\\\"ng-hide\\\" ng-hide=\\\"$last\\\">·</span>\\n    </div><!-- end ngRepeat: tab in data.codes track by $id($index) -->\\n  </div>\\n\\n  <!-- ngRepeat: tab in data.codes track by $id($index) --><div class=\\\"ng-scope\\\" ng-repeat=\\\"tab in data.codes track by $id($index)\\\" ng-show=\\\"$index==current\\\">\\n  <pre class=\\\"cm-s-neo\\\" data-mode=\\\"csharp\\\"><span class=\\\"cm-comment\\\">//</span>\\n<span class=\\\"cm-comment\\\">// An example method used to log the user in (integrated system's method)</span>\\n<span class=\\\"cm-comment\\\">//</span>\\n<span class=\\\"cm-variable\\\">void</span> <span class=\\\"cm-variable\\\">login</span>(<span class=\\\"cm-variable\\\">string</span> <span class=\\\"cm-variable\\\">login</span>, <span class=\\\"cm-variable\\\">string</span> <span class=\\\"cm-variable\\\">password</span>) \\n{\\n    <span class=\\\"cm-variable\\\">if</span> (<span class=\\\"cm-variable\\\">loginPreListener</span>()) \\n    {\\n        <span class=\\\"cm-variable\\\">User</span> <span class=\\\"cm-variable\\\">user</span> <span class=\\\"cm-operator\\\">=</span> <span class=\\\"cm-variable\\\">authenticate</span>(<span class=\\\"cm-variable\\\">login</span>, <span class=\\\"cm-variable\\\">password</span>);\\n        <span class=\\\"cm-variable\\\">if</span> (<span class=\\\"cm-variable\\\">user</span> <span class=\\\"cm-operator\\\">!=</span> <span class=\\\"cm-variable\\\">null</span>) \\n        {\\n            <span class=\\\"cm-comment\\\">// The user has been authenticated.</span>\\n            <span class=\\\"cm-variable\\\">Session</span>[<span class=\\\"cm-string\\\">\\\"loggedUsed\\\"</span>] <span class=\\\"cm-operator\\\">=</span> <span class=\\\"cm-variable\\\">user</span>;\\n            <span class=\\\"cm-variable\\\">loginPostListener</span>();\\n        }\\n    }\\n}\\n\\n\\n<span class=\\\"cm-comment\\\">//</span>\\n<span class=\\\"cm-comment\\\">// Listener (hook) invoked after a successful first factor user authentication,</span>\\n<span class=\\\"cm-comment\\\">// implemented for Rublon integration purposes.</span>\\n<span class=\\\"cm-comment\\\">//</span>\\n<span class=\\\"cm-variable\\\">void</span> <span class=\\\"cm-variable\\\">loginPostListener</span>() \\n{\\n    <span class=\\\"cm-variable\\\">Rublon2Factor</span> <span class=\\\"cm-variable\\\">rublon</span> <span class=\\\"cm-operator\\\">=</span> <span class=\\\"cm-variable\\\">new</span> <span class=\\\"cm-variable\\\">Rublon2Factor</span>\\n    (\\n        <span class=\\\"cm-comment\\\">// systemToken (please store in a config):</span>\\n        <span class=\\\"cm-string\\\">\\\"A69FC450848B4B94A040416DC4421523\\\"</span>,\\n        <span class=\\\"cm-comment\\\">// secretKey (please store in a safe config):</span>\\n        <span class=\\\"cm-string\\\">\\\"bLS6NDP7pGjg346S4IHqTHgQQjjSLw3CyApvz5iRjYzgIPN4e9EOi1cQJLrTlvLoHY8zeqg4ILrItYidKJ6JjEUZaA6pR1tZMwSZ\\\"</span>\\n    );\\n\\n    <span class=\\\"cm-variable\\\">try</span> <span class=\\\"cm-comment\\\">// Initiate a Rublon authentication transaction</span>\\n    { \\n        <span class=\\\"cm-variable\\\">User</span> <span class=\\\"cm-variable\\\">user</span> <span class=\\\"cm-operator\\\">=</span> (<span class=\\\"cm-variable\\\">User</span>)<span class=\\\"cm-variable\\\">Session</span>[<span class=\\\"cm-string\\\">\\\"loggedUser\\\"</span>];\\n        <span class=\\\"cm-variable\\\">string</span> <span class=\\\"cm-variable\\\">url</span> <span class=\\\"cm-operator\\\">=</span> <span class=\\\"cm-variable\\\">rublon</span>.<span class=\\\"cm-variable\\\">Authorize</span>\\n        (\\n            <span class=\\\"cm-string\\\">\\\"http://example.com/RublonCallback\\\"</span>, <span class=\\\"cm-comment\\\">// callback URL</span>\\n            <span class=\\\"cm-variable\\\">user</span>.<span class=\\\"cm-variable\\\">Id</span>, <span class=\\\"cm-comment\\\">// User Id</span>\\n            <span class=\\\"cm-variable\\\">user</span>.<span class=\\\"cm-variable\\\">Email</span> <span class=\\\"cm-comment\\\">// User email</span>\\n        );\\n\\n        <span class=\\\"cm-variable\\\">if</span> (<span class=\\\"cm-variable\\\">url</span> <span class=\\\"cm-operator\\\">!=</span> <span class=\\\"cm-variable\\\">null</span>) <span class=\\\"cm-comment\\\">// User protection is active</span>\\n        { \\n            <span class=\\\"cm-comment\\\">// Log off the user out before checking the second factor:</span>\\n            <span class=\\\"cm-variable\\\">Session</span>[<span class=\\\"cm-string\\\">\\\"loggedUsed\\\"</span>] <span class=\\\"cm-operator\\\">=</span> <span class=\\\"cm-variable\\\">null</span>;\\n\\n            <span class=\\\"cm-comment\\\">// Redirect the user's web browser to Rublon servers</span>\\n            <span class=\\\"cm-comment\\\">// to verify the protection:</span>\\n            <span class=\\\"cm-variable\\\">Response</span>.<span class=\\\"cm-variable\\\">Redirect</span>(<span class=\\\"cm-variable\\\">url</span>);\\n        }\\n    } \\n    <span class=\\\"cm-variable\\\">catch</span> (<span class=\\\"cm-variable\\\">RublonException</span> <span class=\\\"cm-variable\\\">ex</span>) \\n    {\\n        <span class=\\\"cm-comment\\\">// An error occurred</span>\\n        <span class=\\\"cm-variable\\\">Session</span>[<span class=\\\"cm-string\\\">\\\"loggedUsed\\\"</span>] <span class=\\\"cm-operator\\\">=</span> <span class=\\\"cm-variable\\\">null</span>;\\n        <span class=\\\"cm-variable\\\">throw</span>;\\n    }\\n\\n    <span class=\\\"cm-comment\\\">/* If we're here, the user's account is not protected by Rublon.</span>\\n    <span class=\\\"cm-comment\\\">The user can be authenticated. */</span>\\n}</pre>\\n</div><!-- end ngRepeat: tab in data.codes track by $id($index) -->\\n</div></div><!-- ngSwitchWhen: image --><!-- ngSwitchWhen: embed --><!-- ngSwitchWhen: callout --><!-- ngSwitchWhen: parameters --><!-- ngSwitchWhen: html -->\\n      \\n      <p>If the user's account is protected by Rublon, calling the <code>Rublon2Factor.Authorize()</code> method will return a URL address pointing to Rublon servers, which the user's browser should redirect to in order to verify a Trusted Device, display a QR code to be scanned by the Rublon mobile app or verify identity by clicking a confirmation link which has been sent to the user's email address.</p>\\n    </div>\\n    <div role=\\\"tabpanel\\\" class=\\\"tab-pane\\\" id=\\\"java\\\">\\n    \\t<br/>\\n      <p>The <code>Rublon2Factor.auth()</code> method will check the user's protection status (using the email address) and return a URL address for the web browser to be redirected to (if user protection is active) or <code>null</code> in case the user's protection is not active.\\n      </p>\\n<table>\\n\\t<caption><code>Rublon2Factor.auth()</code> method arguments</caption>\\n\\t<thead><tr>\\n\\t\\t<th>Name</th>\\n\\t\\t<th>Type</th>\\n\\t\\t<th>Description</th>\\n\\t</tr></thead>\\n\\t<tbody>\\n\\t\\t<tr><td><code>callbackUrl</code></td><td>String</td><td>The integrated system's callback URL</td></tr>\\n\\t\\t<tr><td><code>userId</code></td><td>String</td><td>The integrated system's user's unique Id which will allow to log in the user upon successful authentication</td></tr>\\n\\t\\t<tr><td><code>userEmail</code></td><td>String</td><td>The user's email address in the integrated system which will allow to check the user's protection status and match the user to a Rublon account</td></tr>\\n\\t\\t<tr><td><code>consumerParams</code></td><td>JSONObject\\n</td><td>Additional transaction parameters (optional)</td></tr>    \\n\\t</tbody>\\n</table>  \\n<h3>Example JAVA code</h3>\\n<p>An example of logging in a user on an integrated system:</p>   \\n<!-- ngSwitchWhen: textarea --><!-- TODO: Make this generic using 'default' --><!-- ngSwitchWhen: api-header --><!-- ngSwitchWhen: code --><div class=\\\"ng-scope\\\" ng-switch-when=\\\"code\\\"><div type=\\\"section.type\\\" ng-model=\\\"section.data\\\" class=\\\"block-code block-show-code ng-isolate-scope ng-pristine ng-valid\\\">\\n  <div class=\\\"code-tabs ng-hide\\\" ng-show=\\\"data.codes.length > 1 || (data.codes.length == 1 &amp;&amp; data.codes[0].status)\\\">\\n    <!-- ngRepeat: tab in data.codes track by $id($index) --><div class=\\\"ng-scope tab on\\\" ng-class=\\\"{tab: true, on:$index==current, off:$index!=current}\\\" ng-repeat=\\\"tab in data.codes track by $id($index)\\\">\\n      <a href=\\\"\\\" ng-click=\\\"choose($index)\\\">\\n        <!-- ngIf: tab.status -->\\n        <!-- ngIf: !tab.status --><span class=\\\"ng-scope ng-binding\\\" ng-if=\\\"!tab.status\\\">\\n          Java\\n        </span><!-- end ngIf: !tab.status -->\\n      </a><span class=\\\"ng-hide\\\" ng-hide=\\\"$last\\\">·</span>\\n    </div><!-- end ngRepeat: tab in data.codes track by $id($index) -->\\n  </div>\\n\\n  <!-- ngRepeat: tab in data.codes track by $id($index) --><div class=\\\"ng-scope\\\" ng-repeat=\\\"tab in data.codes track by $id($index)\\\" ng-show=\\\"$index==current\\\">\\n  <pre class=\\\"cm-s-neo\\\" data-mode=\\\"java\\\"><span class=\\\"cm-comment\\\">/**</span>\\n  <span class=\\\"cm-comment\\\">* An example method used to log the user in (integrated system's method)</span>\\n<span class=\\\"cm-comment\\\">*/</span>\\n<span class=\\\"cm-variable-3\\\">void</span> <span class=\\\"cm-def\\\">login</span>(<span class=\\\"cm-variable-3\\\">String</span> <span class=\\\"cm-variable\\\">login</span>, <span class=\\\"cm-variable-3\\\">String</span> <span class=\\\"cm-variable\\\">password</span>) {\\n  <span class=\\\"cm-keyword\\\">if</span> (<span class=\\\"cm-variable\\\">loginPreListener</span>()) {\\n    <span class=\\\"cm-variable\\\">User</span> <span class=\\\"cm-variable\\\">user</span> <span class=\\\"cm-operator\\\">=</span> <span class=\\\"cm-variable\\\">authenticate</span>(<span class=\\\"cm-variable\\\">login</span>, <span class=\\\"cm-variable\\\">password</span>);\\n    <span class=\\\"cm-keyword\\\">if</span> (<span class=\\\"cm-variable\\\">user</span> <span class=\\\"cm-operator\\\">!=</span> <span class=\\\"cm-atom\\\">null</span>) {\\n      <span class=\\\"cm-comment\\\">// The user has been authenticated.</span>\\n      <span class=\\\"cm-variable\\\">Session</span>.<span class=\\\"cm-variable\\\">setUser</span>(<span class=\\\"cm-variable\\\">user</span>);\\n      <span class=\\\"cm-variable\\\">loginPostListener</span>();  \\n    }\\n  }\\n}\\n  \\n<span class=\\\"cm-comment\\\">/**</span>\\n  <span class=\\\"cm-comment\\\">* Listener (hook) invoked after a successful first factor user authentication,</span>\\n  <span class=\\\"cm-comment\\\">* implemented for Rublon integration purposes.</span>\\n<span class=\\\"cm-comment\\\">*/</span>\\n<span class=\\\"cm-variable-3\\\">void</span> <span class=\\\"cm-def\\\">loginPostListener</span>() {\\n  <span class=\\\"cm-variable\\\">Rublon2Factor</span> <span class=\\\"cm-variable\\\">rublon</span> <span class=\\\"cm-operator\\\">=</span> <span class=\\\"cm-keyword\\\">new</span> <span class=\\\"cm-variable\\\">Rublon2Factor</span>(<span class=\\\"cm-string\\\">\\\"your_system_token\\\"</span>, <span class=\\\"cm-string\\\">\\\"your_access_key\\\"</span>);\\n  <span class=\\\"cm-keyword\\\">try</span> { <span class=\\\"cm-comment\\\">// Initiate a Rublon authentication transaction</span>\\n    <span class=\\\"cm-variable-3\\\">String</span> <span class=\\\"cm-variable\\\">url</span> <span class=\\\"cm-operator\\\">=</span> <span class=\\\"cm-variable\\\">rublon</span>.<span class=\\\"cm-variable\\\">auth</span>(\\n      <span class=\\\"cm-string\\\">\\\"http://example.com/rublon_callback\\\"</span>, <span class=\\\"cm-comment\\\">// callback URL</span>\\n      <span class=\\\"cm-variable\\\">Session</span>.<span class=\\\"cm-variable\\\">getUser</span>().<span class=\\\"cm-variable\\\">getId</span>(), <span class=\\\"cm-comment\\\">// User Id</span>\\n      <span class=\\\"cm-variable\\\">Session</span>.<span class=\\\"cm-variable\\\">getUser</span>().<span class=\\\"cm-variable\\\">getEmail</span>() <span class=\\\"cm-comment\\\">// User email</span>\\n    );\\n\\n    <span class=\\\"cm-keyword\\\">if</span> (<span class=\\\"cm-variable\\\">url</span> <span class=\\\"cm-operator\\\">!=</span> <span class=\\\"cm-atom\\\">null</span>) { <span class=\\\"cm-comment\\\">// User protection is active</span>\\n      <span class=\\\"cm-comment\\\">// Log the user out before checking the second factor:</span>\\n      <span class=\\\"cm-variable\\\">Session</span>.<span class=\\\"cm-variable\\\">setUser</span>(<span class=\\\"cm-atom\\\">null</span>);\\n      <span class=\\\"cm-comment\\\">// Redirect the user's web browser to Rublon servers</span>\\n      <span class=\\\"cm-comment\\\">// to verify the protection:</span>\\n      <span class=\\\"cm-variable\\\">HttpServer</span>.<span class=\\\"cm-variable\\\">sendHeader</span>(<span class=\\\"cm-string\\\">\\\"Location\\\"</span>, <span class=\\\"cm-variable\\\">url</span>);\\n    }\\n  } <span class=\\\"cm-keyword\\\">catch</span> (<span class=\\\"cm-variable\\\">RublonException</span> <span class=\\\"cm-variable\\\">e</span>) {\\n    <span class=\\\"cm-comment\\\">// An error occurred</span>\\n    <span class=\\\"cm-variable\\\">Session</span>.<span class=\\\"cm-variable\\\">setUser</span>(<span class=\\\"cm-atom\\\">null</span>);\\n    <span class=\\\"cm-variable\\\">HttpServer</span>.<span class=\\\"cm-variable\\\">setStatus</span>(<span class=\\\"cm-number\\\">500</span>);\\n    <span class=\\\"cm-variable\\\">HttpServer</span>.<span class=\\\"cm-variable\\\">setResponse</span>(<span class=\\\"cm-string\\\">\\\"There was an error, please try again later.\\\"</span>);\\n  }\\n  <span class=\\\"cm-comment\\\">/* If we're here, the user's account is not protected by Rublon.</span>\\n    <span class=\\\"cm-comment\\\">The user can be authenticated. */</span>\\n}</pre>\\n</div><!-- end ngRepeat: tab in data.codes track by $id($index) -->\\n</div></div><!-- ngSwitchWhen: image --><!-- ngSwitchWhen: embed --><!-- ngSwitchWhen: callout --><!-- ngSwitchWhen: parameters --><!-- ngSwitchWhen: html -->\\n\\n<p>If the user's account is protected by Rublon, calling the <code>Rublon2Factor.auth()</code> method will return a URL address pointing to Rublon servers, which the user's browser should redirect to in order to verify a Trusted Device, display a QR code to be scanned by the Rublon mobile app or verify identity by clicking a confirmation link which has been sent to the user's email address.</p>      \\n      \\n      \\n    </div>\\n    <div role=\\\"tabpanel\\\" class=\\\"tab-pane\\\" id=\\\"python\\\">\\n    \\t<br/>\\n      <p>The <code>Rublon2Factor.auth()</code> method will check the user's protection status (using the email address) and return a URL address for the web browser to be redirected to (if user protection is active) or <code>None</code> in case the user's protection is not active.\\n      </p>\\n<table>\\n\\t<caption><code>Rublon2Factor.auth()</code> method arguments</caption>\\n\\t<thead><tr>\\n\\t\\t<th>Name</th>\\n\\t\\t<th>Type</th>\\n\\t\\t<th>Description</th>\\n\\t</tr></thead>\\n\\t<tbody>\\n\\t\\t<tr><td><code>callback_url</code></td><td>str</td><td>The integrated system's callback URL</td></tr>\\n\\t\\t<tr><td><code>user_id</code></td><td>str</td><td>The integrated system's user's unique Id which will allow to log in the user upon successful authentication</td></tr>\\n\\t\\t<tr><td><code>user_email</code></td><td>str</td><td>The user's email address in the integrated system which will allow to check the user's protection status and match the user to a Rublon account</td></tr>\\n\\t\\t<tr><td><code>consumer_params</code></td><td>dict\\n</td><td>Additional transaction parameters (optional)</td></tr>    \\n\\t</tbody>\\n</table>  \\n<h3>Example Python code</h3>\\n<p>An example of logging in a user on an integrated system:</p>  \\n\\n<!-- ngSwitchWhen: textarea --><!-- TODO: Make this generic using 'default' --><!-- ngSwitchWhen: api-header --><!-- ngSwitchWhen: code --><div class=\\\"ng-scope\\\" ng-switch-when=\\\"code\\\"><div type=\\\"section.type\\\" ng-model=\\\"section.data\\\" class=\\\"block-code block-show-code ng-isolate-scope ng-pristine ng-valid\\\">\\n  <div class=\\\"code-tabs ng-hide\\\" ng-show=\\\"data.codes.length > 1 || (data.codes.length == 1 &amp;&amp; data.codes[0].status)\\\">\\n    <!-- ngRepeat: tab in data.codes track by $id($index) --><div class=\\\"ng-scope tab on\\\" ng-class=\\\"{tab: true, on:$index==current, off:$index!=current}\\\" ng-repeat=\\\"tab in data.codes track by $id($index)\\\">\\n      <a href=\\\"\\\" ng-click=\\\"choose($index)\\\">\\n        <!-- ngIf: tab.status -->\\n        <!-- ngIf: !tab.status --><span class=\\\"ng-scope ng-binding\\\" ng-if=\\\"!tab.status\\\">\\n          Python\\n        </span><!-- end ngIf: !tab.status -->\\n      </a><span class=\\\"ng-hide\\\" ng-hide=\\\"$last\\\">·</span>\\n    </div><!-- end ngRepeat: tab in data.codes track by $id($index) -->\\n  </div>\\n\\n  <!-- ngRepeat: tab in data.codes track by $id($index) --><div class=\\\"ng-scope\\\" ng-repeat=\\\"tab in data.codes track by $id($index)\\\" ng-show=\\\"$index==current\\\">\\n  <pre class=\\\"cm-s-neo\\\" data-mode=\\\"python\\\"><span class=\\\"cm-variable\\\">RUBLON_SYSTEM_TOKEN</span> = <span class=\\\"cm-string\\\">'your_system_token'</span>\\n<span class=\\\"cm-variable\\\">RUBLON_SECRET_KEY</span> = <span class=\\\"cm-string\\\">'your_secret_key'</span>\\n<span class=\\\"cm-variable\\\">callback_url</span> = <span class=\\\"cm-variable\\\">callback_url</span> = <span class=\\\"cm-variable\\\">request</span>.<span class=\\\"cm-variable\\\">url_root</span> <span class=\\\"cm-operator\\\">+</span> <span class=\\\"cm-string\\\">'rublon_callback/'</span> <span class=\\\"cm-operator\\\">//</span><span class=\\\"cm-number\\\">1</span>\\n<span class=\\\"cm-variable\\\">user_email</span> = <span class=\\\"cm-string\\\">'user:::at:::example.com'</span> <span class=\\\"cm-operator\\\">//</span><span class=\\\"cm-number\\\">2</span>\\n<span class=\\\"cm-variable\\\">user_id</span> = <span class=\\\"cm-variable\\\">user_email</span> <span class=\\\"cm-operator\\\">//</span><span class=\\\"cm-number\\\">3</span>\\n<span class=\\\"cm-variable\\\">extra_params</span> = {} <span class=\\\"cm-operator\\\">//</span><span class=\\\"cm-number\\\">4</span>\\n\\n<span class=\\\"cm-variable\\\">rublon</span> = <span class=\\\"cm-variable\\\">Rublon2Factor</span>(<span class=\\\"cm-variable\\\">RUBLON_SYSTEM_TOKEN</span>, <span class=\\\"cm-variable\\\">RUBLON_SECRET_KEY</span>)\\n<span class=\\\"cm-variable\\\">url</span> = <span class=\\\"cm-variable\\\">rublon</span>.<span class=\\\"cm-variable\\\">auth</span>(<span class=\\\"cm-variable\\\">callback_url</span>, <span class=\\\"cm-variable\\\">user_id</span>, <span class=\\\"cm-variable\\\">user_email</span>, <span class=\\\"cm-variable\\\">extra_params</span>)\\n<span class=\\\"cm-keyword\\\">return</span> <span class=\\\"cm-variable\\\">redirect</span>(<span class=\\\"cm-variable\\\">url</span>) <span class=\\\"cm-operator\\\">//</span> <span class=\\\"cm-number\\\">5</span></pre>\\n</div><!-- end ngRepeat: tab in data.codes track by $id($index) -->\\n</div></div><!-- ngSwitchWhen: image --><!-- ngSwitchWhen: embed --><!-- ngSwitchWhen: callout --><!-- ngSwitchWhen: parameters --><!-- ngSwitchWhen: html -->\\n<p>If the user's account is protected by Rublon, calling the <code>Rublon2Factor.auth()</code> method will return a URL address pointing to Rublon servers, which the user's browser should redirect to in order to verify a Trusted Device, display a QR code to be scanned by the Rublon mobile app or verify identity by clicking a confirmation link which has been sent to the user's email address.</p>    \\n</div>\\n</div>\\n<style>\\n.langnav > li > a {\\n    padding: 3px 15px;\\n}\\ncaption{\\nmargin:10px;\\n}\\n.tab-pane h3 {\\n    color: #555;\\n    font-size: 17px;\\n    font-weight: 700;\\n    text-transform: uppercase;\\n}  \\n</style>\"\n}\n[/block]\n\n[block:callout]\n{\n  \"type\": \"info\",\n  \"body\": \"Because the user's web browser will be redirected to Rublon servers in order to confirm the user's identity, the user should be logged out (if he/she was logged in before) to prevent creating a user session. Otherwise Rublon will not protect the user effectively, because returning to the integrated system before a proper Rublon authentication is performed may grant the user access to an active logged in session in the system. The user should be logged in only after a successful Rublon authentication.\"\n}\n[/block]","excerpt":"","slug":"sdk-signing-in","type":"basic","title":"Signing in"}
Rublon protects users during their signing in processes. Even if a someone lears the user's password with malicious intent, such a person would be unable to log in to the user's account, because a physical access to the Rublon mobile app (installed in the user's smartphone) or to his email account is needed. [block:callout] { "type": "info", "body": "Developer can force users to authenticate using the mobile app (to avoid the Email2FA process) and/or ignore the Trusted Devices, which can increase the security. These features available only to systems integrated within the *Business plan*. [Check the pricing](https://developers.rublon.com/98/Pricing)" } [/block] Authenticating a user with the second factor should be initiated when the user has successfully passed the first factor of authentication (e.g. the valid user credentials have been provided) and the user's unique Id and email address are known. [block:html] { "html": "<div>\n <!-- Nav tabs -->\n <ul class=\"nav nav-tabs langnav\" role=\"tablist\">\n <li role=\"presentation\" class=\"active\"><a href=\"#php\" aria-controls=\"php\" role=\"tab\" data-toggle=\"tab\">PHP</a></li>\n <li role=\"presentation\"><a href=\"#net\" aria-controls=\"net\" role=\"tab\" data-toggle=\"tab\">.NET</a></li>\n <li role=\"presentation\"><a href=\"#java\" aria-controls=\"java\" role=\"tab\" data-toggle=\"tab\">Java</a></li>\n <li role=\"presentation\"><a href=\"#python\" aria-controls=\"python\" role=\"tab\" data-toggle=\"tab\">Python</a></li>\n </ul>\n\n <!-- Tab panes -->\n <div class=\"tab-content\">\n <div role=\"tabpanel\" class=\"tab-pane active\" id=\"php\">\n \t<br/>\n <p>The Rublon2Factor::auth() method will check the user's protection status (using the email address) and return a URL address for the web browser to be redirected to (if user protection is active) or NULL in case the user's protection is not active.\n </p>\n<table>\n\t<caption><code>Rublon2Factor::auth()</code> method arguments</caption>\n\t<thead><tr>\n\t\t<th>Name</th>\n\t\t<th>Type</th>\n\t\t<th>Description</th>\n\t</tr></thead>\n\t<tbody>\n\t\t<tr><td><code>$callbackUrl</code></td><td>string</td><td>The integrated system's callback URL</td></tr>\n\t\t<tr><td><code>$userId</code></td><td>string</td><td>The integrated system's user's unique Id which will allow to log in the user upon successful authentication</td></tr>\n\t\t<tr><td><code>$userEmail</code></td><td>string</td><td>The user's email address in the integrated system which will allow to check the user's protection status and match the user to a Rublon account</td></tr>\n\t\t<tr><td><code>$consumerParams</code></td><td>array</td><td>Additional transaction parameters (optional)</td></tr> \n\t</tbody>\n</table> \n<h3 id=\"example\">Example PHP code</h3>\n<p>An example of logging in a user on an integrated system:</p>\n<!-- ngSwitchWhen: textarea --><!-- TODO: Make this generic using 'default' --><!-- ngSwitchWhen: api-header --><!-- ngSwitchWhen: code --><div class=\"ng-scope\" ng-switch-when=\"code\"><div type=\"section.type\" ng-model=\"section.data\" class=\"block-code block-show-code ng-isolate-scope ng-pristine ng-valid\">\n <div class=\"code-tabs ng-hide\" ng-show=\"data.codes.length > 1 || (data.codes.length == 1 &amp;&amp; data.codes[0].status)\">\n <!-- ngRepeat: tab in data.codes track by $id($index) --><div class=\"ng-scope tab on\" ng-class=\"{tab: true, on:$index==current, off:$index!=current}\" ng-repeat=\"tab in data.codes track by $id($index)\">\n <a href=\"\" ng-click=\"choose($index)\">\n <!-- ngIf: tab.status -->\n <!-- ngIf: !tab.status --><span class=\"ng-scope ng-binding\" ng-if=\"!tab.status\">\n PHP\n </span><!-- end ngIf: !tab.status -->\n </a><span class=\"ng-hide\" ng-hide=\"$last\">·</span>\n </div><!-- end ngRepeat: tab in data.codes track by $id($index) -->\n </div>\n\n <!-- ngRepeat: tab in data.codes track by $id($index) --><div class=\"ng-scope\" ng-repeat=\"tab in data.codes track by $id($index)\" ng-show=\"$index==current\">\n <pre class=\"cm-s-neo\" data-mode=\"php\"><span class=\"cm-meta\">&lt;?</span>\n<span class=\"cm-comment\">/**</span>\n <span class=\"cm-comment\">* An example method used to log the user in (integrated system's method)</span>\n <span class=\"cm-comment\">*/</span>\n<span class=\"cm-keyword\">function</span> <span class=\"cm-def\">login</span>(<span class=\"cm-variable-2\">$login</span>, <span class=\"cm-variable-2\">$password</span>) {\n <span class=\"cm-keyword\">if</span> (<span class=\"cm-variable\">loginPreListener</span>()) {\n <span class=\"cm-keyword\">if</span> (<span class=\"cm-variable-2\">$user</span> <span class=\"cm-operator\">=</span> <span class=\"cm-variable\">authenticate</span>(<span class=\"cm-variable-2\">$login</span>, <span class=\"cm-variable-2\">$password</span>)) {\n <span class=\"cm-comment\">// The user has been authenticated.</span>\n <span class=\"cm-variable-2\">$_SESSION</span>[<span class=\"cm-string\">\"</span><span class=\"cm-string\">user\"</span>] <span class=\"cm-operator\">=</span> <span class=\"cm-variable-2\">$user</span>;\n <span class=\"cm-variable\">loginPostListener</span>();\n }\n }\n}\n\n<span class=\"cm-comment\">/**</span>\n <span class=\"cm-comment\">* Listener (hook) invoked after a successful first factor user authentication,</span>\n <span class=\"cm-comment\">* implemented for Rublon integration purposes.</span>\n <span class=\"cm-comment\">*/</span>\n<span class=\"cm-keyword\">function</span> <span class=\"cm-def\">loginPostListener</span>() {\n <span class=\"cm-variable-2\">$rublon</span> <span class=\"cm-operator\">=</span> <span class=\"cm-keyword\">new</span> <span class=\"cm-variable\">Rublon2Factor</span>(<span class=\"cm-string\">\"</span><span class=\"cm-string\">your_system_token\"</span>, <span class=\"cm-string\">\"</span><span class=\"cm-string\">your_access_key\"</span>);\n <span class=\"cm-keyword\">try</span> { <span class=\"cm-comment\">// Initiate a Rublon authentication transaction</span>\n <span class=\"cm-variable-2\">$url</span> <span class=\"cm-operator\">=</span> <span class=\"cm-variable-2\">$rublon</span><span class=\"cm-operator\">-&gt;</span><span class=\"cm-variable\">auth</span>(\n <span class=\"cm-variable-2\">$callbackUrl</span> <span class=\"cm-operator\">=</span> <span class=\"cm-string\">\"</span><span class=\"cm-string\">http://example.com/rublon_callback.php\"</span>,\n <span class=\"cm-variable-2\">$_SESSION</span>[<span class=\"cm-string\">\"</span><span class=\"cm-string\">user\"</span>][<span class=\"cm-string\">\"</span><span class=\"cm-string\">id\"</span>], <span class=\"cm-comment\">// User Id</span>\n <span class=\"cm-variable-2\">$_SESSION</span>[<span class=\"cm-string\">\"</span><span class=\"cm-string\">user\"</span>][<span class=\"cm-string\">\"</span><span class=\"cm-string\">email\"</span>] <span class=\"cm-comment\">// User email</span>\n );\n <span class=\"cm-keyword\">if</span> (<span class=\"cm-operator\">!</span><span class=\"cm-keyword\">empty</span>(<span class=\"cm-variable-2\">$url</span>)) { <span class=\"cm-comment\">// User protection is active</span>\n <span class=\"cm-comment\">// Log the user out before checking the second factor:</span>\n <span class=\"cm-keyword\">unset</span>(<span class=\"cm-variable-2\">$_SESSION</span>[<span class=\"cm-string\">\"</span><span class=\"cm-string\">user\"</span>]);\n <span class=\"cm-comment\">// Redirect the user's web browser to Rublon servers</span>\n <span class=\"cm-comment\">// to verify the protection:</span>\n <span class=\"cm-builtin\">header</span>(<span class=\"cm-string\">'Location: '</span> . <span class=\"cm-variable-2\">$url</span>);\n }\n } <span class=\"cm-keyword\">catch</span> (<span class=\"cm-variable\">RublonException</span> <span class=\"cm-variable-2\">$e</span>) {\n <span class=\"cm-comment\">// An error occurred</span>\n <span class=\"cm-keyword\">unset</span>(<span class=\"cm-variable-2\">$_SESSION</span>[<span class=\"cm-string\">\"</span><span class=\"cm-string\">user\"</span>]);\n <span class=\"cm-keyword\">die</span>(<span class=\"cm-string\">\"</span><span class=\"cm-string\">There was an error, please try again later.\"</span>);\n }\n \n <span class=\"cm-comment\">/* If we're here, the user's account is not protected by Rublon.</span>\n <span class=\"cm-comment\">The user can be authenticated. */</span>\n <span class=\"cm-keyword\">return</span> <span class=\"cm-atom\">true</span>;\n}</pre>\n</div><!-- end ngRepeat: tab in data.codes track by $id($index) -->\n</div></div><!-- ngSwitchWhen: image --><!-- ngSwitchWhen: embed --><!-- ngSwitchWhen: callout --><!-- ngSwitchWhen: parameters --><!-- ngSwitchWhen: html -->\n<p>If the user's account is protected by Rublon, calling the Rublon2Factor::auth() method will return a URL address pointing to Rublon servers, which the user's browser should redirect to in order to verify a Trusted Device, display a QR code to be scanned by the Rublon mobile app or verify identity by clicking a confirmation link which has been sent to the user's email address.</p>\n </div>\n <div role=\"tabpanel\" class=\"tab-pane\" id=\"net\">\n \n \t<br/>\n <p>The Rublon2Factor.Authorize() method will check the user's protection status (using the email address) and return a URL address for the web browser to be redirected to (if user protection is active) or <code>null</code> in case the user's protection is not active.\n </p>\n<table>\n\t<caption><code>Rublon2Factor.Authorize()</code> method arguments</caption>\n\t<thead><tr>\n\t\t<th>Name</th>\n\t\t<th>Type</th>\n\t\t<th>Description</th>\n\t</tr></thead>\n\t<tbody>\n\t\t<tr><td><code>callbackUrl</code></td><td>string</td><td>The integrated system's callback URL</td></tr>\n\t\t<tr><td><code>userId</code></td><td>string</td><td>The integrated system's user's unique Id which will allow to log in the user upon successful authentication</td></tr>\n\t\t<tr><td><code>userEmail</code></td><td>string</td><td>The user's email address in the integrated system which will allow to check the user's protection status and match the user to a Rublon account</td></tr>\n\t\t<tr><td><code>consumerParams</code></td><td>JObject\n</td><td>Additional transaction parameters (optional)</td></tr> \n\t</tbody>\n</table> \n<h3>Example .NET code</h3>\n<p>An example of logging in a user on an integrated system:</p> \n<!-- ngSwitchWhen: textarea --><!-- TODO: Make this generic using 'default' --><!-- ngSwitchWhen: api-header --><!-- ngSwitchWhen: code --><div class=\"ng-scope\" ng-switch-when=\"code\"><div type=\"section.type\" ng-model=\"section.data\" class=\"block-code block-show-code ng-isolate-scope ng-pristine ng-valid\">\n <div class=\"code-tabs ng-hide\" ng-show=\"data.codes.length > 1 || (data.codes.length == 1 &amp;&amp; data.codes[0].status)\">\n <!-- ngRepeat: tab in data.codes track by $id($index) --><div class=\"ng-scope tab on\" ng-class=\"{tab: true, on:$index==current, off:$index!=current}\" ng-repeat=\"tab in data.codes track by $id($index)\">\n <a href=\"\" ng-click=\"choose($index)\">\n <!-- ngIf: tab.status -->\n <!-- ngIf: !tab.status --><span class=\"ng-scope ng-binding\" ng-if=\"!tab.status\">\n C#\n </span><!-- end ngIf: !tab.status -->\n </a><span class=\"ng-hide\" ng-hide=\"$last\">·</span>\n </div><!-- end ngRepeat: tab in data.codes track by $id($index) -->\n </div>\n\n <!-- ngRepeat: tab in data.codes track by $id($index) --><div class=\"ng-scope\" ng-repeat=\"tab in data.codes track by $id($index)\" ng-show=\"$index==current\">\n <pre class=\"cm-s-neo\" data-mode=\"csharp\"><span class=\"cm-comment\">//</span>\n<span class=\"cm-comment\">// An example method used to log the user in (integrated system's method)</span>\n<span class=\"cm-comment\">//</span>\n<span class=\"cm-variable\">void</span> <span class=\"cm-variable\">login</span>(<span class=\"cm-variable\">string</span> <span class=\"cm-variable\">login</span>, <span class=\"cm-variable\">string</span> <span class=\"cm-variable\">password</span>) \n{\n <span class=\"cm-variable\">if</span> (<span class=\"cm-variable\">loginPreListener</span>()) \n {\n <span class=\"cm-variable\">User</span> <span class=\"cm-variable\">user</span> <span class=\"cm-operator\">=</span> <span class=\"cm-variable\">authenticate</span>(<span class=\"cm-variable\">login</span>, <span class=\"cm-variable\">password</span>);\n <span class=\"cm-variable\">if</span> (<span class=\"cm-variable\">user</span> <span class=\"cm-operator\">!=</span> <span class=\"cm-variable\">null</span>) \n {\n <span class=\"cm-comment\">// The user has been authenticated.</span>\n <span class=\"cm-variable\">Session</span>[<span class=\"cm-string\">\"loggedUsed\"</span>] <span class=\"cm-operator\">=</span> <span class=\"cm-variable\">user</span>;\n <span class=\"cm-variable\">loginPostListener</span>();\n }\n }\n}\n\n\n<span class=\"cm-comment\">//</span>\n<span class=\"cm-comment\">// Listener (hook) invoked after a successful first factor user authentication,</span>\n<span class=\"cm-comment\">// implemented for Rublon integration purposes.</span>\n<span class=\"cm-comment\">//</span>\n<span class=\"cm-variable\">void</span> <span class=\"cm-variable\">loginPostListener</span>() \n{\n <span class=\"cm-variable\">Rublon2Factor</span> <span class=\"cm-variable\">rublon</span> <span class=\"cm-operator\">=</span> <span class=\"cm-variable\">new</span> <span class=\"cm-variable\">Rublon2Factor</span>\n (\n <span class=\"cm-comment\">// systemToken (please store in a config):</span>\n <span class=\"cm-string\">\"A69FC450848B4B94A040416DC4421523\"</span>,\n <span class=\"cm-comment\">// secretKey (please store in a safe config):</span>\n <span class=\"cm-string\">\"bLS6NDP7pGjg346S4IHqTHgQQjjSLw3CyApvz5iRjYzgIPN4e9EOi1cQJLrTlvLoHY8zeqg4ILrItYidKJ6JjEUZaA6pR1tZMwSZ\"</span>\n );\n\n <span class=\"cm-variable\">try</span> <span class=\"cm-comment\">// Initiate a Rublon authentication transaction</span>\n { \n <span class=\"cm-variable\">User</span> <span class=\"cm-variable\">user</span> <span class=\"cm-operator\">=</span> (<span class=\"cm-variable\">User</span>)<span class=\"cm-variable\">Session</span>[<span class=\"cm-string\">\"loggedUser\"</span>];\n <span class=\"cm-variable\">string</span> <span class=\"cm-variable\">url</span> <span class=\"cm-operator\">=</span> <span class=\"cm-variable\">rublon</span>.<span class=\"cm-variable\">Authorize</span>\n (\n <span class=\"cm-string\">\"http://example.com/RublonCallback\"</span>, <span class=\"cm-comment\">// callback URL</span>\n <span class=\"cm-variable\">user</span>.<span class=\"cm-variable\">Id</span>, <span class=\"cm-comment\">// User Id</span>\n <span class=\"cm-variable\">user</span>.<span class=\"cm-variable\">Email</span> <span class=\"cm-comment\">// User email</span>\n );\n\n <span class=\"cm-variable\">if</span> (<span class=\"cm-variable\">url</span> <span class=\"cm-operator\">!=</span> <span class=\"cm-variable\">null</span>) <span class=\"cm-comment\">// User protection is active</span>\n { \n <span class=\"cm-comment\">// Log off the user out before checking the second factor:</span>\n <span class=\"cm-variable\">Session</span>[<span class=\"cm-string\">\"loggedUsed\"</span>] <span class=\"cm-operator\">=</span> <span class=\"cm-variable\">null</span>;\n\n <span class=\"cm-comment\">// Redirect the user's web browser to Rublon servers</span>\n <span class=\"cm-comment\">// to verify the protection:</span>\n <span class=\"cm-variable\">Response</span>.<span class=\"cm-variable\">Redirect</span>(<span class=\"cm-variable\">url</span>);\n }\n } \n <span class=\"cm-variable\">catch</span> (<span class=\"cm-variable\">RublonException</span> <span class=\"cm-variable\">ex</span>) \n {\n <span class=\"cm-comment\">// An error occurred</span>\n <span class=\"cm-variable\">Session</span>[<span class=\"cm-string\">\"loggedUsed\"</span>] <span class=\"cm-operator\">=</span> <span class=\"cm-variable\">null</span>;\n <span class=\"cm-variable\">throw</span>;\n }\n\n <span class=\"cm-comment\">/* If we're here, the user's account is not protected by Rublon.</span>\n <span class=\"cm-comment\">The user can be authenticated. */</span>\n}</pre>\n</div><!-- end ngRepeat: tab in data.codes track by $id($index) -->\n</div></div><!-- ngSwitchWhen: image --><!-- ngSwitchWhen: embed --><!-- ngSwitchWhen: callout --><!-- ngSwitchWhen: parameters --><!-- ngSwitchWhen: html -->\n \n <p>If the user's account is protected by Rublon, calling the <code>Rublon2Factor.Authorize()</code> method will return a URL address pointing to Rublon servers, which the user's browser should redirect to in order to verify a Trusted Device, display a QR code to be scanned by the Rublon mobile app or verify identity by clicking a confirmation link which has been sent to the user's email address.</p>\n </div>\n <div role=\"tabpanel\" class=\"tab-pane\" id=\"java\">\n \t<br/>\n <p>The <code>Rublon2Factor.auth()</code> method will check the user's protection status (using the email address) and return a URL address for the web browser to be redirected to (if user protection is active) or <code>null</code> in case the user's protection is not active.\n </p>\n<table>\n\t<caption><code>Rublon2Factor.auth()</code> method arguments</caption>\n\t<thead><tr>\n\t\t<th>Name</th>\n\t\t<th>Type</th>\n\t\t<th>Description</th>\n\t</tr></thead>\n\t<tbody>\n\t\t<tr><td><code>callbackUrl</code></td><td>String</td><td>The integrated system's callback URL</td></tr>\n\t\t<tr><td><code>userId</code></td><td>String</td><td>The integrated system's user's unique Id which will allow to log in the user upon successful authentication</td></tr>\n\t\t<tr><td><code>userEmail</code></td><td>String</td><td>The user's email address in the integrated system which will allow to check the user's protection status and match the user to a Rublon account</td></tr>\n\t\t<tr><td><code>consumerParams</code></td><td>JSONObject\n</td><td>Additional transaction parameters (optional)</td></tr> \n\t</tbody>\n</table> \n<h3>Example JAVA code</h3>\n<p>An example of logging in a user on an integrated system:</p> \n<!-- ngSwitchWhen: textarea --><!-- TODO: Make this generic using 'default' --><!-- ngSwitchWhen: api-header --><!-- ngSwitchWhen: code --><div class=\"ng-scope\" ng-switch-when=\"code\"><div type=\"section.type\" ng-model=\"section.data\" class=\"block-code block-show-code ng-isolate-scope ng-pristine ng-valid\">\n <div class=\"code-tabs ng-hide\" ng-show=\"data.codes.length > 1 || (data.codes.length == 1 &amp;&amp; data.codes[0].status)\">\n <!-- ngRepeat: tab in data.codes track by $id($index) --><div class=\"ng-scope tab on\" ng-class=\"{tab: true, on:$index==current, off:$index!=current}\" ng-repeat=\"tab in data.codes track by $id($index)\">\n <a href=\"\" ng-click=\"choose($index)\">\n <!-- ngIf: tab.status -->\n <!-- ngIf: !tab.status --><span class=\"ng-scope ng-binding\" ng-if=\"!tab.status\">\n Java\n </span><!-- end ngIf: !tab.status -->\n </a><span class=\"ng-hide\" ng-hide=\"$last\">·</span>\n </div><!-- end ngRepeat: tab in data.codes track by $id($index) -->\n </div>\n\n <!-- ngRepeat: tab in data.codes track by $id($index) --><div class=\"ng-scope\" ng-repeat=\"tab in data.codes track by $id($index)\" ng-show=\"$index==current\">\n <pre class=\"cm-s-neo\" data-mode=\"java\"><span class=\"cm-comment\">/**</span>\n <span class=\"cm-comment\">* An example method used to log the user in (integrated system's method)</span>\n<span class=\"cm-comment\">*/</span>\n<span class=\"cm-variable-3\">void</span> <span class=\"cm-def\">login</span>(<span class=\"cm-variable-3\">String</span> <span class=\"cm-variable\">login</span>, <span class=\"cm-variable-3\">String</span> <span class=\"cm-variable\">password</span>) {\n <span class=\"cm-keyword\">if</span> (<span class=\"cm-variable\">loginPreListener</span>()) {\n <span class=\"cm-variable\">User</span> <span class=\"cm-variable\">user</span> <span class=\"cm-operator\">=</span> <span class=\"cm-variable\">authenticate</span>(<span class=\"cm-variable\">login</span>, <span class=\"cm-variable\">password</span>);\n <span class=\"cm-keyword\">if</span> (<span class=\"cm-variable\">user</span> <span class=\"cm-operator\">!=</span> <span class=\"cm-atom\">null</span>) {\n <span class=\"cm-comment\">// The user has been authenticated.</span>\n <span class=\"cm-variable\">Session</span>.<span class=\"cm-variable\">setUser</span>(<span class=\"cm-variable\">user</span>);\n <span class=\"cm-variable\">loginPostListener</span>(); \n }\n }\n}\n \n<span class=\"cm-comment\">/**</span>\n <span class=\"cm-comment\">* Listener (hook) invoked after a successful first factor user authentication,</span>\n <span class=\"cm-comment\">* implemented for Rublon integration purposes.</span>\n<span class=\"cm-comment\">*/</span>\n<span class=\"cm-variable-3\">void</span> <span class=\"cm-def\">loginPostListener</span>() {\n <span class=\"cm-variable\">Rublon2Factor</span> <span class=\"cm-variable\">rublon</span> <span class=\"cm-operator\">=</span> <span class=\"cm-keyword\">new</span> <span class=\"cm-variable\">Rublon2Factor</span>(<span class=\"cm-string\">\"your_system_token\"</span>, <span class=\"cm-string\">\"your_access_key\"</span>);\n <span class=\"cm-keyword\">try</span> { <span class=\"cm-comment\">// Initiate a Rublon authentication transaction</span>\n <span class=\"cm-variable-3\">String</span> <span class=\"cm-variable\">url</span> <span class=\"cm-operator\">=</span> <span class=\"cm-variable\">rublon</span>.<span class=\"cm-variable\">auth</span>(\n <span class=\"cm-string\">\"http://example.com/rublon_callback\"</span>, <span class=\"cm-comment\">// callback URL</span>\n <span class=\"cm-variable\">Session</span>.<span class=\"cm-variable\">getUser</span>().<span class=\"cm-variable\">getId</span>(), <span class=\"cm-comment\">// User Id</span>\n <span class=\"cm-variable\">Session</span>.<span class=\"cm-variable\">getUser</span>().<span class=\"cm-variable\">getEmail</span>() <span class=\"cm-comment\">// User email</span>\n );\n\n <span class=\"cm-keyword\">if</span> (<span class=\"cm-variable\">url</span> <span class=\"cm-operator\">!=</span> <span class=\"cm-atom\">null</span>) { <span class=\"cm-comment\">// User protection is active</span>\n <span class=\"cm-comment\">// Log the user out before checking the second factor:</span>\n <span class=\"cm-variable\">Session</span>.<span class=\"cm-variable\">setUser</span>(<span class=\"cm-atom\">null</span>);\n <span class=\"cm-comment\">// Redirect the user's web browser to Rublon servers</span>\n <span class=\"cm-comment\">// to verify the protection:</span>\n <span class=\"cm-variable\">HttpServer</span>.<span class=\"cm-variable\">sendHeader</span>(<span class=\"cm-string\">\"Location\"</span>, <span class=\"cm-variable\">url</span>);\n }\n } <span class=\"cm-keyword\">catch</span> (<span class=\"cm-variable\">RublonException</span> <span class=\"cm-variable\">e</span>) {\n <span class=\"cm-comment\">// An error occurred</span>\n <span class=\"cm-variable\">Session</span>.<span class=\"cm-variable\">setUser</span>(<span class=\"cm-atom\">null</span>);\n <span class=\"cm-variable\">HttpServer</span>.<span class=\"cm-variable\">setStatus</span>(<span class=\"cm-number\">500</span>);\n <span class=\"cm-variable\">HttpServer</span>.<span class=\"cm-variable\">setResponse</span>(<span class=\"cm-string\">\"There was an error, please try again later.\"</span>);\n }\n <span class=\"cm-comment\">/* If we're here, the user's account is not protected by Rublon.</span>\n <span class=\"cm-comment\">The user can be authenticated. */</span>\n}</pre>\n</div><!-- end ngRepeat: tab in data.codes track by $id($index) -->\n</div></div><!-- ngSwitchWhen: image --><!-- ngSwitchWhen: embed --><!-- ngSwitchWhen: callout --><!-- ngSwitchWhen: parameters --><!-- ngSwitchWhen: html -->\n\n<p>If the user's account is protected by Rublon, calling the <code>Rublon2Factor.auth()</code> method will return a URL address pointing to Rublon servers, which the user's browser should redirect to in order to verify a Trusted Device, display a QR code to be scanned by the Rublon mobile app or verify identity by clicking a confirmation link which has been sent to the user's email address.</p> \n \n \n </div>\n <div role=\"tabpanel\" class=\"tab-pane\" id=\"python\">\n \t<br/>\n <p>The <code>Rublon2Factor.auth()</code> method will check the user's protection status (using the email address) and return a URL address for the web browser to be redirected to (if user protection is active) or <code>None</code> in case the user's protection is not active.\n </p>\n<table>\n\t<caption><code>Rublon2Factor.auth()</code> method arguments</caption>\n\t<thead><tr>\n\t\t<th>Name</th>\n\t\t<th>Type</th>\n\t\t<th>Description</th>\n\t</tr></thead>\n\t<tbody>\n\t\t<tr><td><code>callback_url</code></td><td>str</td><td>The integrated system's callback URL</td></tr>\n\t\t<tr><td><code>user_id</code></td><td>str</td><td>The integrated system's user's unique Id which will allow to log in the user upon successful authentication</td></tr>\n\t\t<tr><td><code>user_email</code></td><td>str</td><td>The user's email address in the integrated system which will allow to check the user's protection status and match the user to a Rublon account</td></tr>\n\t\t<tr><td><code>consumer_params</code></td><td>dict\n</td><td>Additional transaction parameters (optional)</td></tr> \n\t</tbody>\n</table> \n<h3>Example Python code</h3>\n<p>An example of logging in a user on an integrated system:</p> \n\n<!-- ngSwitchWhen: textarea --><!-- TODO: Make this generic using 'default' --><!-- ngSwitchWhen: api-header --><!-- ngSwitchWhen: code --><div class=\"ng-scope\" ng-switch-when=\"code\"><div type=\"section.type\" ng-model=\"section.data\" class=\"block-code block-show-code ng-isolate-scope ng-pristine ng-valid\">\n <div class=\"code-tabs ng-hide\" ng-show=\"data.codes.length > 1 || (data.codes.length == 1 &amp;&amp; data.codes[0].status)\">\n <!-- ngRepeat: tab in data.codes track by $id($index) --><div class=\"ng-scope tab on\" ng-class=\"{tab: true, on:$index==current, off:$index!=current}\" ng-repeat=\"tab in data.codes track by $id($index)\">\n <a href=\"\" ng-click=\"choose($index)\">\n <!-- ngIf: tab.status -->\n <!-- ngIf: !tab.status --><span class=\"ng-scope ng-binding\" ng-if=\"!tab.status\">\n Python\n </span><!-- end ngIf: !tab.status -->\n </a><span class=\"ng-hide\" ng-hide=\"$last\">·</span>\n </div><!-- end ngRepeat: tab in data.codes track by $id($index) -->\n </div>\n\n <!-- ngRepeat: tab in data.codes track by $id($index) --><div class=\"ng-scope\" ng-repeat=\"tab in data.codes track by $id($index)\" ng-show=\"$index==current\">\n <pre class=\"cm-s-neo\" data-mode=\"python\"><span class=\"cm-variable\">RUBLON_SYSTEM_TOKEN</span> = <span class=\"cm-string\">'your_system_token'</span>\n<span class=\"cm-variable\">RUBLON_SECRET_KEY</span> = <span class=\"cm-string\">'your_secret_key'</span>\n<span class=\"cm-variable\">callback_url</span> = <span class=\"cm-variable\">callback_url</span> = <span class=\"cm-variable\">request</span>.<span class=\"cm-variable\">url_root</span> <span class=\"cm-operator\">+</span> <span class=\"cm-string\">'rublon_callback/'</span> <span class=\"cm-operator\">//</span><span class=\"cm-number\">1</span>\n<span class=\"cm-variable\">user_email</span> = <span class=\"cm-string\">'user@example.com'</span> <span class=\"cm-operator\">//</span><span class=\"cm-number\">2</span>\n<span class=\"cm-variable\">user_id</span> = <span class=\"cm-variable\">user_email</span> <span class=\"cm-operator\">//</span><span class=\"cm-number\">3</span>\n<span class=\"cm-variable\">extra_params</span> = {} <span class=\"cm-operator\">//</span><span class=\"cm-number\">4</span>\n\n<span class=\"cm-variable\">rublon</span> = <span class=\"cm-variable\">Rublon2Factor</span>(<span class=\"cm-variable\">RUBLON_SYSTEM_TOKEN</span>, <span class=\"cm-variable\">RUBLON_SECRET_KEY</span>)\n<span class=\"cm-variable\">url</span> = <span class=\"cm-variable\">rublon</span>.<span class=\"cm-variable\">auth</span>(<span class=\"cm-variable\">callback_url</span>, <span class=\"cm-variable\">user_id</span>, <span class=\"cm-variable\">user_email</span>, <span class=\"cm-variable\">extra_params</span>)\n<span class=\"cm-keyword\">return</span> <span class=\"cm-variable\">redirect</span>(<span class=\"cm-variable\">url</span>) <span class=\"cm-operator\">//</span> <span class=\"cm-number\">5</span></pre>\n</div><!-- end ngRepeat: tab in data.codes track by $id($index) -->\n</div></div><!-- ngSwitchWhen: image --><!-- ngSwitchWhen: embed --><!-- ngSwitchWhen: callout --><!-- ngSwitchWhen: parameters --><!-- ngSwitchWhen: html -->\n<p>If the user's account is protected by Rublon, calling the <code>Rublon2Factor.auth()</code> method will return a URL address pointing to Rublon servers, which the user's browser should redirect to in order to verify a Trusted Device, display a QR code to be scanned by the Rublon mobile app or verify identity by clicking a confirmation link which has been sent to the user's email address.</p> \n</div>\n</div>\n<style>\n.langnav > li > a {\n padding: 3px 15px;\n}\ncaption{\nmargin:10px;\n}\n.tab-pane h3 {\n color: #555;\n font-size: 17px;\n font-weight: 700;\n text-transform: uppercase;\n} \n</style>" } [/block] [block:callout] { "type": "info", "body": "Because the user's web browser will be redirected to Rublon servers in order to confirm the user's identity, the user should be logged out (if he/she was logged in before) to prevent creating a user session. Otherwise Rublon will not protect the user effectively, because returning to the integrated system before a proper Rublon authentication is performed may grant the user access to an active logged in session in the system. The user should be logged in only after a successful Rublon authentication." } [/block]