Apple SSO Overview | 51ºÚÁÏ²»´òìÈ Pass

Documentation 51ºÚÁÏ²»´òìÈ Pass 51ºÚÁÏ²»´òìÈ Pass Authentication

Apple SSO Overview apple-sso-overview

Last update: Fri Dec 13 2024 00:00:00 GMT+0000 (Coordinated Universal Time)

Topics:
Authentication

IMPORTANT

The content on this page is provided for information purposes only. Usage of this API requires a current license from 51ºÚÁÏ²»´òìÈ. No unauthorized use is permitted.

Apple provides users the capability to sign in to their TV provider account at the device system level, eliminating the need to authenticate on an app-by-app basis.

51ºÚÁÏ²»´òìÈ Pass Authentication partnered with Apple to create the Partner Single Sign-On (SSO) user experience in the TV Everywhere ecosystem for iPhone, iPad and Apple TV owners.

In order to benefit from the Single Sign-On (SSO) user experience on an Apple device, there is a list of prerequisites documented below that must be completed.

The end result should create an experience in line with the following user flows, that we recommend you consult before you start developing your application:

Single Sign-On (SSO) devices.
Single Sign-On (SSO) devices.

Prerequisites apple-sso-prerequisites

Onboarding prerequisites may apply to one or multiple entities involved in the TVE business, such as Programmers, MVPDs, 51ºÚÁÏ²»´òìÈ Pass Authentication or Apple.

Programmer apple-sso-prerequisites-programmer

In order to benefit from the Single Sign-On (SSO) user experience, one Programmer must:

Contact Apple to enable the as part of your Apple Team ID and configure the as part of your Apple Developer Account.
- Use Xcode version 8 or above and iOS/tvOS version 10 or above.
Enable Single Sign-On (SSO) for each desired integration and platform (iOS/tvOS) through the by setting the Enable Single Sign On property to Yes.

51ºÚÁÏ²»´òìÈ Enable Single Sign On

Apple Onboarded (Supported) MVPDs

Apple Picker MVPDs

Apple Not Onboarded (Not Supported) MVPDs

Yes (Enabled)

The authentication and logout flows will involve both Apple and 51ºÚÁÏ²»´òìÈ Pass Authentication solutions, while all other flows (authorization, preauthorization, metadata, etc.) will be serviced solely by 51ºÚÁÏ²»´òìÈ Pass Authentication.

The authentication and logout flows will fall back to the regular ones serviced solely by 51ºÚÁÏ²»´òìÈ Pass Authentication.

No (Disabled)

The authentication and logout flows will fall back to the regular ones serviced solely by 51ºÚÁÏ²»´òìÈ Pass Authentication.

Integrate the Single Sign-On (SSO) user flows using one of the following solutions offered by 51ºÚÁÏ²»´òìÈ Pass Authentication for end users of client applications running on iOS, iPadOS or tvOS.
- The 51ºÚÁÏ²»´òìÈ Pass Authentication REST API V2 has support for Partner Single Sign-On (SSO).
  
  Refer to the Apple SSO Cookbook (REST API V2) documentation.
- The legacy 51ºÚÁÏ²»´òìÈ Pass Authentication REST API V1 has support for Partner Single Sign-On (SSO).
  
  Refer to the (Legacy) Apple SSO Cookbook (REST API V1) documentation.
- The legacy 51ºÚÁÏ²»´òìÈ Pass Authentication AccessEnabler iOS/tvOS SDK has support for Partner Single Sign-On (SSO).
  
  Refer to the (Legacy) Apple SSO Cookbook (iOS/tvOS SDK) documentation.

MVPD apple-sso-prerequisites-mvpd

In order to benefit from the Single Sign-On (SSO) user experience, one MVPD must:

Contact Apple to initiate the onboarding process on Appleâ€™s side.
- Request the technical documentation on how to integrate and develop a JavaScript TVML application capable of handling the user login form.
Contact 51ºÚÁÏ²»´òìÈ Pass Authentication to initiate the onboarding process on 51ºÚÁÏ²»´òìÈâ€™s side.
- Provide the string value representing the TV provider identifier assigned by Apple during the onboarding process.

FAQ FAQ

In case something goes wrong with the Apple SSO workflow, can the application using the 51ºÚÁÏ²»´òìÈ Pass Authentication AccessEnabler iOS/tvOS SDK have the ability to fall back to the regular authentication flow?

This is possible but requires a configuration change being performed through the to set the Enable Single Sign-On on NO for the desired integration and platform (iOS/tvOS). Be aware that the client application will acknowledge the configuration change only after calling the setRequestor API.
Will the application know when an authentication has happened as a result of a sign in through Apple SSO?

This information is available as part of the user metadata key: tokenSource, which should return the string value: â€œAppleâ€ in this case.
Will the application know when an authentication has happened as a result of a sign in through Apple SSO on another application?

This information is not available.
What happens if a user signs in by going to the Settings -> TV Provider on iOS/iPadOS or Settings -> Accounts -> TV Provider on tvOS section using an MVPD which is not integrated with the application?

When the user launches the application, the user wonâ€™t be authenticated via the Apple SSO workflow. Therefore, the application would have to fall back to regular authentication flow and present its own MVPD picker.
What happens if a user signs in by going to the Settings -> TV Provider on iOS/iPadOS or Settings -> Accounts -> TV Provider on tvOS section using an MVPD which has the Enable Single Sign On set on NO through the for iOS/tvOS platform?

When the user launches the application, the user wonâ€™t be authenticated via the Apple SSO workflow. Therefore, the application would have to fall back to regular authentication flow and present its own MVPD picker.
What happens if a user has an MVPD which is not onboarded (not supported) by Apple, but it is present in the Apple picker?

When the user launches the application, the user will only select the MVPD via the Apple SSO workflow without completing the authentication flow. Therefore, the application would have to fall back to regular authentication flow, but could use the already selected MVPD.
What happens if a user has an MVPD which is not onboarded (not supported) by Apple?

When the user launches the application, the user will select the â€œOther TV Providersâ€ picker option via the Apple SSO workflow. Therefore, the application would have to fall back to regular authentication flow and present its own MVPD picker.
What happens if a user has an MVPD which is degraded through the medium of ?

When the user launches the application, the user will be authenticated via the degradation mechanism and not via the Apple SSO workflow. The experience should be seamless for the user, while the application will be informed through the N010 warning code in case it is using the 51ºÚÁÏ²»´òìÈ Pass Authentication AccessEnabler iOS/tvOS SDK.
Will the MVPD user ID change between Apple SSO and non-Apple SSO authentication flows?

The expectation is that the user ID will not change, but it needs to be verified for each selected provider.
Will there be any change to the authentication TTLs?

51ºÚÁÏ²»´òìÈ Pass Authentication will continue to respect the TTLs required by the Programmers for their integration with each MVPD. When navigating from one Programmer application to another Programmer application through Apple SSO, the second application will have the TTL of its corresponding Programmer x MVPD integration (it wonâ€™t share the TTL of the first application that authenticates)

51ºÚÁÏ²»´òìÈ Pass Authentication TTL expired

51ºÚÁÏ²»´òìÈ Pass Authentication TTL valid

Appleâ€™s device token TTL expired

user is NOT authenticated (MVPD picker should appear)

user is authenticated and the TTL is the remaining time of his 51ºÚÁÏ²»´òìÈ Pass Authentication token/profile

Appleâ€™s device token TTL valid

user is silently authenticated and obtains another 51ºÚÁÏ²»´òìÈ Pass Authentication token/profile with the TTL specified in TVE Dashboard

user is authenticated and the TTL is the remaining time of his 51ºÚÁÏ²»´òìÈ Pass Authentication token/profile

recommendation-more-help

3f5e655c-af63-48cc-9769-2b6803cc5f4b