Authentication & Security

This section describes how the TIXNGO SDK integrates with your existing authentication system using OpenID Connect (OIDC), handles session and device management, supports secure logout mechanisms, and manages token lifecycle events in both online and offline scenarios.

Single Sign-On (SSO) Integration

The TIXNGO SDK is designed to work seamlessly with the Fan App’s authentication system through a customer-provided OpenID Connect (OIDC) Identity Provider (IDP). TIXNGO does not rely on AWS Cognito or manage user credentials.

Note: Authentication and authorization are fully delegated to the Fan App’s OIDC-based IDP. The SDK consumes valid tokens but does not handle login itself.

For a full implementation guide, refer to the Token Lifecycle and Integration section.

Registration Process

TIXNGO SDK leverages a dynamic registration configuration obtained from the TIXNGO Backoffice. The process consists of:

  • Configuration: The SDK queries the Backoffice to determine required registration fields (e.g., name, email, phone number) and whether they are optional or mandatory.

  • Validation: The SDK validates user input locally, ensuring all mandatory fields are completed and data is correctly formatted (e.g., valid email or phone number format).

  • Error Handling: If validation fails, the SDK will return an error response to the main app. This response will include details about which specific fields are missing or invalid. The Fan App must handle these error messages and prompt or redirect the user to provide the missing information.
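The three steps above, as an added example that is not TIXNGO SDK code: a local validator that takes a field configuration of the kind the SDK obtains from the Backoffice and returns a per-field error list the Fan App can act on. The configuration shape, the field names and the error reasons are assumptions; the format checks are intentionally a pre-check only, since ownership of an address or number is established by the IDP, not by a regular expression.

```typescript
// Added example (not TIXNGO SDK code). The FieldConfig shape, the SAMPLE_CONFIG
// field names and the ValidationError reasons are assumptions for illustration.

type FieldType = "text" | "email" | "phone";

interface FieldConfig {
  name: string;
  type: FieldType;
  mandatory: boolean;
}

export interface ValidationError {
  field: string;
  reason: "MISSING" | "INVALID_FORMAT";
}

export interface ValidationResult {
  ok: boolean;
  errors: ValidationError[];
}

// Constructed sample configuration, standing in for the Backoffice response.
export const SAMPLE_CONFIG: FieldConfig[] = [
  { name: "firstName", type: "text", mandatory: true },
  { name: "lastName", type: "text", mandatory: true },
  { name: "email", type: "email", mandatory: true },
  { name: "phone", type: "phone", mandatory: false },
];

// Conservative syntax checks; they reject obvious garbage, nothing more.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
const PHONE_RE = /^\+?[0-9]{6,15}$/; // digits with an optional leading '+'

function formatOk(type: FieldType, value: string): boolean {
  if (type === "email") return EMAIL_RE.test(value);
  if (type === "phone") return PHONE_RE.test(value.replace(/[\s-]/g, ""));
  return value.trim().length > 0; // "text"
}

// Validates user input against the dynamic configuration: every mandatory
// field must be present, and every non-empty field must be well formed.
export function validateRegistration(
  config: FieldConfig[],
  input: Record<string, string | undefined>,
): ValidationResult {
  const errors: ValidationError[] = [];
  for (const field of config) {
    const raw = input[field.name];
    const value = raw === undefined ? "" : raw.trim();
    if (value === "") {
      if (field.mandatory) errors.push({ field: field.name, reason: "MISSING" });
      continue; // optional and empty: nothing further to check
    }
    if (!formatOk(field.type, value)) {
      errors.push({ field: field.name, reason: "INVALID_FORMAT" });
    }
  }
  return { ok: errors.length === 0, errors };
}
```

The Fan App would map each `field`/`reason` pair to a form message and re-prompt the user; the SDK's real response carries equivalent per-field detail, but its exact shape is not shown on this page.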

User Login Behavior

SDK screens must only be accessible to Fan App logged-in users with TIXNGO tickets. The following two conditions must both be met:

  • User is authenticated: SDK screens must not be reachable by an anonymous user. If a user attempts to navigate to an SDK screen without being logged in (including via a deeplink), the Fan App must trigger a login flow (e.g., popup or full-screen login).

  • User is eligible (has a ticket): Post-login, the SDK enforces an access rule: only users who currently have or previously held at least one ticket in the TIXNGO system are allowed to access SDK screens.

    • If this condition is not met, the SDK will return:

      • errorCode: 403

      • errorMessage: "NO_TICKET_ELIGIBILITY"

The Fan App is responsible for:

  • triggering the login flow when needed;

  • gracefully handling the NO_TICKET_ELIGIBILITY error, for instance by displaying a friendly message and redirecting the user appropriately.

Session and Device Limits

To protect against misuse such as account sharing or device cloning, the SDK enforces configurable limits, defined in the TIXNGO Backoffice:

Maximum Concurrent Sessions

  • Prevents the same user from logging into multiple devices simultaneously

  • If the limit is reached, SDK returns:

    • errorCode: 403

    • errorMessage: "MAX_NUMBER_SECURITY_TOKEN"

  • Example: If the session limit is 2:

    • iPhone 12 → login ok

    • Android Pixel 6 → login ok

    • iPhone X → login blocked (limit reached)

Maximum Registered Devices

  • Prevents long-term abuse of account credentials across devices

  • If exceeded, SDK returns:

    • errorCode: 403

    • errorMessage: "TOO_MANY_REGISTERED_DEVICES"
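The two limits above differ in what they count: concurrent sessions are devices with a live session right now, while registered devices accumulate over the account's lifetime. The following is an added simplified model of that distinction, not TIXNGO code; real enforcement happens in the TIXNGO backend against the Backoffice configuration. The data structures, the order in which the two checks are applied and the rule that a repeat login from an already active device opens no new session are assumptions made for the illustration.

```typescript
// Added example (not TIXNGO code): a model of the session and device limits.
// Check order and the "already active device" rule are assumptions.

export interface LimitConfig {
  maxConcurrentSessions: number;
  maxRegisteredDevices: number;
}

export interface LoginOutcome {
  ok: boolean;
  errorCode?: 403;
  errorMessage?: "MAX_NUMBER_SECURITY_TOKEN" | "TOO_MANY_REGISTERED_DEVICES";
}

export class AccountSessions {
  private readonly registered = new Set<string>(); // every device that ever logged in
  private readonly active = new Set<string>();     // devices holding a live session now

  constructor(private readonly limits: LimitConfig) {}

  login(deviceId: string): LoginOutcome {
    if (this.active.has(deviceId)) return { ok: true }; // same device again: no new session
    // A never-seen device counts against the long-term registered-device limit.
    if (!this.registered.has(deviceId) && this.registered.size >= this.limits.maxRegisteredDevices) {
      return { ok: false, errorCode: 403, errorMessage: "TOO_MANY_REGISTERED_DEVICES" };
    }
    // Any device, new or known, needs a free concurrent-session slot.
    if (this.active.size >= this.limits.maxConcurrentSessions) {
      return { ok: false, errorCode: 403, errorMessage: "MAX_NUMBER_SECURITY_TOKEN" };
    }
    this.registered.add(deviceId);
    this.active.add(deviceId);
    return { ok: true };
  }

  logout(deviceId: string): void {
    this.active.delete(deviceId); // frees a session slot; registration is kept
  }

  activeCount(): number { return this.active.size; }
  registeredCount(): number { return this.registered.size; }
}

// Replays the page's example (session limit 2) with a constructed device limit of 3,
// then shows that logging one device out frees a session slot while the registered
// count keeps growing until the device limit blocks a fourth device.
export function walkthrough(): Array<{ device: string; result: string }> {
  const acct = new AccountSessions({ maxConcurrentSessions: 2, maxRegisteredDevices: 3 });
  const trace: Array<{ device: string; result: string }> = [];
  const record = (device: string) => {
    const r = acct.login(device);
    trace.push({ device, result: r.ok ? "login ok" : `blocked (${r.errorMessage})` });
  };
  record("iPhone 12");
  record("Android Pixel 6");
  record("iPhone X");              // third live session: MAX_NUMBER_SECURITY_TOKEN
  acct.logout("iPhone 12");
  record("iPhone X");              // slot freed: ok, now 3 registered devices
  record("Tablet");                // fourth distinct device: TOO_MANY_REGISTERED_DEVICES
  return trace;
}
```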

The Fan App must listen to the SDK's onErrorHandler() callback and present relevant messages or actions to the user based on the error type.
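As an added example of the Fan App side (not TIXNGO SDK code), the handler below maps the errorCode/errorMessage pairs documented on this page to app actions, and gates SDK screen entry behind authentication as described under User Login Behavior. The callback payload shape follows the page; the action names, message keys, redirect targets and the isAuthenticated/openScreen hooks are assumptions.

```typescript
// Added example (not TIXNGO SDK code): Fan App handling of SDK errors.
// Action kinds, message keys and redirect targets are assumptions.

export interface SdkError {
  errorCode: number;
  errorMessage: string;
}

export type FanAppAction =
  | { kind: "SHOW_LOGIN" }                                   // user not authenticated
  | { kind: "SHOW_MESSAGE"; key: string; redirectTo: string } // known 403 from the SDK
  | { kind: "REPORT_UNKNOWN"; error: SdkError };             // anything else: log, generic message

// A Map rather than a plain object so that lookups of names such as
// "constructor" cannot match an inherited property.
const KNOWN_403_ACTIONS = new Map<string, { key: string; redirectTo: string }>([
  ["NO_TICKET_ELIGIBILITY", { key: "tickets.none", redirectTo: "home" }],
  ["MAX_NUMBER_SECURITY_TOKEN", { key: "session.limit", redirectTo: "devices" }],
  ["TOO_MANY_REGISTERED_DEVICES", { key: "devices.limit", redirectTo: "support" }],
]);

// What the Fan App's onErrorHandler() implementation would do with each error.
export function handleSdkError(err: SdkError): FanAppAction {
  if (err.errorCode === 403) {
    const mapped = KNOWN_403_ACTIONS.get(err.errorMessage);
    if (mapped) return { kind: "SHOW_MESSAGE", ...mapped };
  }
  // Raw SDK error text is never shown to the user; it goes to the app's logs.
  return { kind: "REPORT_UNKNOWN", error: err };
}

// Entry gate for any SDK screen, including deeplinks: login first, then let the
// SDK enforce eligibility and surface the result through the error handler.
export function openSdkScreen(
  isAuthenticated: boolean,
  openScreen: () => SdkError | null,
): FanAppAction | null {
  if (!isAuthenticated) return { kind: "SHOW_LOGIN" };
  const err = openScreen();
  return err ? handleSdkError(err) : null; // null: screen opened, nothing to do
}
```

Because eligibility is enforced by the SDK after login, the app only needs the authentication gate locally; it must not try to pre-judge ticket eligibility itself.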

Logout Handling

Standard Logout

  • When a user logs out of the Fan App, it must explicitly call the SDK’s logout method to ensure TIXNGO tokens, sessions, and cached data are also invalidated.

Forced Logout

Organizers can remotely log out users from the Backoffice dashboard. This is typically used for:

  • Session cleanup

  • Revoking access for suspicious users

© TIXNGO 2023