Authentication-Authorization flow


The purpose of the Authentication flow is to identify and authenticate the user to the Payment Integrator (integrator).

The most common use of authentication is as a precondition input to other methods, notably generateDirectDebitAuthorization. The output of the authentication-authorization, the authentication proof, is used as an input parameter to that method.

Modes of Authentication-Authorization

Google Standard Payments supports authentication-authorization via Redirect Authentication-Authorization.

Redirect Authentication-Authorization

Redirect authentication occurs when Google redirects the user to an integrator-owned property (e.g. a web app or Android app) to perform the authentication. Once finished, the app must redirect back to Google. That application could be a web application, an Android application, or both.

Providing a mobile web and desktop web authentication flow will allow the integrator to reach all users on supported platforms. The integrator can optionally support the Android application redirect as well. Google strongly recommends that integrators support the Android application, as it provides the best user experience, resulting in the highest conversion rate. The parameters passed to the web application and the Android application are the same. The web application redirect uses an HTTP GET redirect with parameters encoded in the URL. For more details on this encoding, see Web Authentication.

The result from each of these authentication mechanisms is a signed response called the AuthenticationAuthorizationResponse. Returning this response to Google signals to Google that the authentication-authorization was successful. When used in standalone mode, the gspResult and signature are used to determine successful authentication-authorization.

To authenticate a flow (e.g. capture), the authentication requestId (from the AuthenticationAuthorizationRequest) is used as proof of authentication-authorization.

The following sequence diagram shows the interaction between the user's browser, Google, and the integrator's web application:

Web Authentication-Authorization Sequence Diagram

The Android authentication-authorization flow uses an Android Intent to redirect the user. For more details on the Intent parameters, see Android Authentication.

The following sequence diagram shows the interaction between the user's phone, Google, and the integrator's Android application:

Android Authentication Sequence Diagram