Overview
The purpose of the Authentication flow is to identify and authenticate the user to the Payment Integrator (integrator).
The most common use of authentication is as a precondition input to other methods, notably generateDirectDebitAuthorization. The output of the authentication-authorization, which is the authentication proof, is used as an input (parameter) to the above-mentioned method.
Modes of Authentication-Authorization
Google Standard Payments supports authentication-authorization via Redirect Authentication-Authorization.
Redirect Authentication-Authorization
Redirect authentication occurs when Google redirects the user to an integrator-owned property (e.g. web app or Android app) to perform the authentication. Once finished, the app must redirect back to Google. That application could be a web application, Android application or both.
Providing a mobile web and desktop web authentication flow will allow the integrator to reach all users on supported platforms. The integrator can optionally support the Android application redirect as well. Google strongly recommends that integrators support the Android application as it provides the best user experience, resulting in the highest conversion rate. The parameters passed to the web application and the Android application are the same. The web application redirect uses an HTTP GET redirect with parameters encoded in the URL. For more details on this encoding, see Web Authentication.
The result from each of these authentication mechanisms is a signed response called the AuthenticationAuthorizationResponse. Returning this response to Google signals to Google that the authentication-authorization was successful. When used in standalone mode, the gspResult and signature are used to determine successful authentication-authorization.
To authenticate a flow (e.g. capture), the authentication requestId (from the AuthenticationAuthorizationRequest) is used as proof of authentication-authorization.
The following sequence diagram shows the interaction between the user's browser, Google, and the integrator's web application:
The Android authentication-authorization flow uses an Android Intent to redirect the user. For more details on the Intent parameters, see Android Authentication.
The following sequence diagram shows the interaction between the user's phone, Google, and the integrator's Android application: