Customer Login by Token
The necessity of worldwide availability brought the B2B industry one step closer towards a more convenient and consistent user experience across a variety of e-commerce providers. The way you allow your customers to authenticate is one of those components playing an important role in the user experience. By dynamically generating a token, a user is able to log in with a pre-defined company user to a new e-commerce provider. All this happens without sharing the login information (username and password) with the e-commerce provider or having to fill-out a tedious sign-up form.
Most modern e-commerce applications allow customers to log in by token or, in other words, they support token-based authentication. They do so for several good reasons:
- Tokens are stateless: They are stored on the client side and already contain all the information they need for authentication. No session information on the server is great for scaling your application.
- Tokens are secure: Tokens (not cookies) are sent on every request, which helps to prevent attacks. Since the session is not stored, there is no session-based information that could be manipulated.
- Extensibility and access control: In the token payload, you can specify user roles, permissions as well as resources that the user can access. Besides, you can share some permissions with other applications.
If you are: