5.4. User Authorization Via a Password
This flow only applies to users who have already registered on their broker’s CRM system and within the cTrader backend.
The user authorization flow includes the following stages:
- The user launches the cTrader application.
- The platform tries (and fails) to find an existing accessToken.
- Upon its failure to find a suitable accessToken, the platform opens the custom login/signup screen. Please see above for the list of the optional parameters that this URL can be opened with.
- The user fills out the authorization form; upon success, they are authorized on their broker’s CRM system.
- The CRM finds the stored userId and generates an OT token.
- The user is redirected to the chosen success URL which also includes the OT token as a query parameter (token).
- When the app detects that the user has visited the success URL, it closes the web browser/iframe and stores the token.
- The application opens a new connection with the cTrader backend and sends an authorization request including the token as a parameter.
- The cTrader backend sends a POST request via REST API to exchange the OT token for a long-term access token (API call 4.2.).
- The broker’s CRM verifies the token and responds with userId and accessToken (API call 4.2.).
- The cTrader backend authorizes the session under the provided userId and returns the accessToken to the application.
- The platform stores the accessToken for future usage.
- The application starts authorized communications with the cTrader backend.
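
The CRM side of this flow (generating the OT token, then verifying it when the cTrader backend exchanges it) can be modelled as below. This is an added example, not cTrader's or any broker's code: the class, method names, in-memory storage, token lengths and the 60-second lifetime are assumptions, as is treating the OT token as single-use and short-lived because it travels in a URL query parameter.

```python
import hashlib
import secrets
import time

OT_TTL_SECONDS = 60  # assumed lifetime; the page does not specify one


class CrmTokenService:
    """Hypothetical in-memory model of OT token issuance and exchange."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # sha256(OT token) -> (userId, expiry)
        self._access = {}   # sha256(accessToken) -> userId

    @staticmethod
    def _digest(token):
        # Store only digests so a leaked table does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue_ot_token(self, user_id):
        """After a successful login: create the OT token for the success URL."""
        token = secrets.token_urlsafe(32)
        expiry = self._clock() + OT_TTL_SECONDS
        self._pending[self._digest(token)] = (user_id, expiry)
        return token

    def exchange(self, ot_token):
        """Backend-to-CRM exchange: OT token -> userId and accessToken, or None."""
        # pop() makes the token single-use: a replayed value finds nothing.
        entry = self._pending.pop(self._digest(ot_token), None)
        if entry is None:
            return None
        user_id, expiry = entry
        if self._clock() > expiry:
            return None  # expired before the backend presented it
        access_token = secrets.token_urlsafe(48)
        self._access[self._digest(access_token)] = user_id
        return {"userId": user_id, "accessToken": access_token}

    def user_for_access_token(self, access_token):
        """Hypothetical helper: resolve a stored accessToken to its userId."""
        return self._access.get(self._digest(access_token))
```

Because the exchange removes the pending entry before checking expiry, a token copied from browser history or a proxy log is rejected whether it was already used or merely stale.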