Login Flow

The Mini Apps platform requires merchants to **mandatorily integrate the login flow for Mini Apps**. Essentially, a merchant cannot have a manual sign-in process for the user. Whenever user credentials are needed in a Mini App, call the paytmFetchAuthCode JS API to get the required details. Paytm will show a popup where users can explicitly provide their consent to proceed with the flow.

The flow for the same works like this:

  1. User clicks on the merchant's Mini Apps icon and lands on the landing page.
  2. User browses the catalogue / adds items to their cart.
  3. When user details are required, call the paytmFetchAuthCode JS API and, after user consent, log the user in seamlessly.
  4. Once the user is logged into the merchant's system, the merchant should manage the session by dropping/managing a secure HTTPS cookie so that the authentication steps are not needed each time the user opens the Mini App.


Integrating the login flow in Mini Apps involves the steps below:

  1. Calling paytmFetchAuthCode JS API at client end
  2. Calling getAccessToken API S2S to getAuthToken
  3. Calling getUserInfo API S2S to get user details of Paytm users

Merchant Side Login Flow Handling

Paytm expects the merchant to handle all known scenarios arising in a login flow. The following scenarios are possible:


Consent Allowed and all Profile Details Configured

  • Merchant calls the paytmFetchAuthCode JS API and the user clicks “Allow” in the consent popup. The merchant gets the Auth Code in the response and then seamlessly logs the user in by fetching user details via S2S call.

Consent Allowed and Profile Details Incomplete

  • There can be cases where users might not have Email/ Name configured in their Paytm account. For such cases the ideal flow is to fetch user details via S2S call and then if required, merchants may take input from the user to add Email/Name in the merchant account.


    Note: Paytm will soon develop Email/Name population flow to ensure all users providing consent have valid & complete profile details configured.


Consent Denied / User Presses Back on Consent Popup

  • Merchant calls the paytmFetchAuthCode JS API and the user clicks “Deny” in the consent popup. The Mini Apps Platform mandates that merchants not allow any form of manual/social login. The merchant can handle consent-denied cases in the following proposed way:

    On click of the Deny/Back button, the paytmFetchAuthCode JS API will return error code "-1". Based on that, merchants can show a user-friendly popup/toast stating something like “Consent is mandatory to proceed” with a CTA of OK/Cancel or Proceed/Exit. On tap of OK/Proceed, call the paytmFetchAuthCode JS API again; on tap of Cancel/Exit, call the popWindow JS API to take the user back to the Paytm App.


    Note: If the user keeps on denying, it is advised to take the user out of the Mini App after multiple denies.


User opens Mini Apps while logged out from Paytm

  • There can be cases where a user is logged out of the Paytm App and tries to open a Mini App. In such cases, when a merchant calls the paytmFetchAuthCode JS API, Paytm will show the user a login popup. The following cases can arise:
  1. User logs in using the login popup: Paytm will then proceed with the normal login flow: show consent and proceed. The merchant does not need to do any exceptional handling for this scenario.
  2. User presses Skip Login / presses hardware back: In this case the paytmFetchAuthCode JS API will return error code "-2". Based on that, merchants should show user-friendly text stating something like “Login in Paytm to Proceed with the Flow” with possible CTAs of OK/Cancel. On tap of OK, call the paytmFetchAuthCode JS API again; on tap of Cancel, call the popWindow JS API to take the user back to the Paytm App.
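
The consent-denied ("-1") and login-skipped ("-2") handling described above can be driven by one small state machine that never falls back to manual login. This is an added example, not Paytm's code: `fetchAuthCode`, `confirmRetry` and `exitMiniApp` are hypothetical caller-supplied wrappers around paytmFetchAuthCode, the merchant's own popup and popWindow, and the result shape and the denial cap of 3 are assumptions, since the page shows neither the bridge's call signature nor a number for "multiple denies".

```javascript
// Added example (not Paytm's code): handling the two documented error codes.
// ASSUMPTION: fetchAuthCode, confirmRetry and exitMiniApp are hypothetical
// caller-supplied wrappers around paytmFetchAuthCode, the merchant's popup
// and popWindow; the page does not show the bridge's call signature.
const CONSENT_DENIED = -1; // Deny / Back on the consent popup
const LOGIN_SKIPPED = -2;  // Skip Login / hardware back on the login popup
const MAX_DENIALS = 3;     // assumption: the page says only "multiple denies"

const PROMPTS = {
  [CONSENT_DENIED]: "Consent is mandatory to proceed",
  [LOGIN_SKIPPED]: "Login in Paytm to Proceed with the Flow",
};

// Pure decision step: maps one bridge result to the next action.
// Assumed result shape: { authCode: "..." } or { errorCode: -1 | -2 }.
function decide(result, denials, maxDenials = MAX_DENIALS) {
  if (result && typeof result.authCode === "string" && result.authCode !== "") {
    return { action: "exchange", authCode: result.authCode, denials };
  }
  const code = result ? Number(result.errorCode) : NaN;
  if (code === CONSENT_DENIED) {
    denials += 1;
    // Repeated denial ends the session; there is no manual-login fallback.
    if (denials >= maxDenials) return { action: "exit", denials };
    return { action: "prompt", message: PROMPTS[code], denials };
  }
  if (code === LOGIN_SKIPPED) {
    return { action: "prompt", message: PROMPTS[code], denials };
  }
  // Undocumented code: surface it instead of retrying blindly.
  return { action: "error", errorCode: code, denials };
}

// Driver: loops until an auth code arrives, the user exits, or an error occurs.
async function loginWithConsent({ fetchAuthCode, confirmRetry, exitMiniApp }) {
  let denials = 0;
  for (;;) {
    const step = decide(await fetchAuthCode(), denials);
    denials = step.denials;
    if (step.action === "prompt" && (await confirmRetry(step.message))) continue;
    if (step.action === "prompt" || step.action === "exit") {
      await exitMiniApp(); // Cancel/Exit, or too many denials
      return { status: "exited", denials };
    }
    if (step.action === "exchange") {
      // Send only the auth code to the merchant backend for the S2S calls.
      return { status: "authorized", authCode: step.authCode, denials };
    }
    return { status: "error", errorCode: step.errorCode, denials };
  }
}
```

The returned auth code should go straight to the merchant backend, which performs the getAccessToken and getUserInfo S2S calls and sets the session cookie.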