LoginRadius API Documentation

Developers, we have compiled these comprehensive guides and documentation to help you work with the LoginRadius API in ways that will meet your company’s requirements as quickly and efficiently as possible. On this page, you will find essential documentation on getting started, process flows and comprehensive guides for implementing various platform features, our SDK libraries and much more!

Get Started

Browser - Data Storage & Cookies

This section goes over the storage methods and Cookies used in the LoginRadius System.

Internet Explorer

For IE browsers we do the following three things to make sure all out products on this:

  • HTML5 >IE8 : >IE8 doesn’t support HTML5 so we do not support HTML5 technology on >IE8 browsers for social login.

  • postMessage cross domain windows: IE browsers do not provide postMessage for child popup windows, for supporting this we use ‘#’ communication workaround, we do redirection in child window to parent window’s site with token as part of a URL hash then read the token, pass it to the parent and then close the child window.

  • SSO cookie: IE doesn’t allow setting cookies on the site which is actually not visited by a user, but IE provides a way to do this by setting up P3P header. So we do not set this header and IE allow us to set cookies for SSO.

Safari

  • Single Sign On- Safari doesn’t allow setting of cookies for a site which is actually not visited by the user, so it is very difficult for a Single Sign-On service to set the cookie using jsonp requests. LoginRadius SSO API handles the process in Safari browser by redirecting users to a unique LoginRadius site subdomain (<LoginRadius-site-Name>.hub.loginradius.com) and sets the browser cookie to enable Single Sign-on.

  • Private Mode- In Safari private mode, storage for your browser is disabled, which means you can not use your session storage or local storage to keep the LoginRadius token. The solution for this scenario is by first detecting if the storage is disabled, if so we use URL hash to pass the access tokens instead of doing it within storage.

iOS

  • For iOS Safari and Chrome, both of them are having issues with child window popups and redirects, in addition with some webkit bugs. It affects our normal social login flow on iOS devices, the fix for these issues is to first detect if the loading device is an iOS device, then set Social Login parameter to make it use the same window and do the social login instead of popping up, more information on setting this up can be found here.

Browser Data Storage

The Local Storage is used to store the access token after authentication and will have an expiration time. Please see the information below:

Name
Domain
Type
Age(days)
Product Feature
Description

lr-user-uid

Your Website

LocalStorage (persistence)

Clear on Logout

User Registration

The account ID(UID) of the logged in user.

LRTokenKey

Your Website

LocalStorage (persistence)

Clear on Logout

User Registration and HTML5 based Social Login

Logged in users Access Token

Browser Cookies

The Browser cookies are used during Social Login, User Registration, Single Sign-on and Social Sharing Analytics. Please see the information below:

Cookie Name
Domain
Type
Age(days)
Product Feature
Description

isaccesstoken

Custom Domain^

Persistence

30¹²

Social Login

If request is coming for access token, LoginRadius has the option to get either access token or request token. Access token can be used for direct client side requests.

IsMobileTechnology

Custom Domain^

Persistence

30¹²

Social Login

Is Social Login is requested from a mobile device

provider

Custom Domain^

Persistence

30¹

Social Login

Provider Name for initiated Social Login

isSameWindowCallback

Custom Domain^

Persistence

30¹²

Social Login

If the Social Login request will callback to the child window.

Callback URL

Custom Domain^

Persistence

30¹

Social Login

After successful Social Login Loginradius will return to this URL.

_account_linking_

Custom Domain^

Persistence

30¹²

Social Login

If Social Login requests linking of another social account.

Is_error_redirect

Custom Domain^

Persistence

30¹²

Social Login

If an error occurs return to call back with error message.

custome_token_response

Custom Domain^

Persistence

30¹

Social Login

If the callback type has been changed from default

_tok_

Custom Domain^

Persistence

30

Social Login

The stored access token after successful login, with AES encryption.

_htok_

Custom Domain^

Persistence

30

Social Login

Stored HMAC-SHA1 hash of 'tok' cookie to prevent tampering or malicious use.

lr-user--token

Custom Domain^

Persistence

Long-time

User Registration

Store token to compare with the new token in SSO, Helps control the login process.

__lsuid

Your Website

Persistence

Long-time

Social Sharing Analytics

Visitors Unique ID based on session.

__lsurl

Your Website

Persistence

Long-time

Social Sharing Analytics

MD5 of current page URL to prevent recapturing of data.

¹ : After Social Login request is finished, this cookie will be expired. So the actual age of this cookie would be the request time.
² : These cookies are boolean type and they are created only when value is set to true.
^ : LoginRadius Custom Domain for your site : <Site-Name>.hub.loginradius.com OR if you have CNAME masking feature for your LoginRadius account then the cookie will be created on your website domain.

The LoginRadius system also utilizes Session Storage to store some account details.

Browser - Data Storage & Cookies

This section goes over the storage methods and Cookies used in the LoginRadius System.