5.4. User Authorization Via a Password

This flow only applies to users who have already registered on their broker’s CRM system and within the cTrader backend.

User Authorization Flow

The user authorization flow includes the following stages:

  1. The user launches the cTrader application.

  2. The platform tries (and fails) to find an existing accessToken.

  3. Upon its failure to find a suitable accessToken, the platform opens the custom login/signup screen. See above for the list of optional parameters that this URL can be opened with.

  4. The user fills out the authorization form; upon success, they are authorized on their broker’s CRM system.

  5. The CRM finds the stored userId and generates an OT token.

  6. The user is redirected to the chosen success URL which also includes the OT token as a query parameter (token).

  7. When the app detects that the user has visited the success URL, it closes the web browser/iframe and stores the token.

  8. The application opens a new connection with the cTrader backend and sends an authorization request including the token as a parameter.

  9. The cTrader backend sends a POST request via REST API to exchange the OT token for a long-term access token (API call 4.2.).

  10. The broker’s CRM verifies the token and responds with userId and accessToken (API call 4.2.).

  11. The cTrader backend authorizes the session under the provided userId and returns the accessToken to the application.

  12. The platform stores the accessToken for future usage.

  13. The application starts authorized communications with the cTrader backend.
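The CRM side of steps 5, 6 and 10, together with the application's step 7, sketched as an added example; it is not cTrader's or any broker's code. The class and function names, the in-memory store, the 60-second lifetime and the digest-only storage are assumptions; the page itself only specifies the `token` query parameter and the userId/accessToken response.

```python
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

OT_TTL_SECONDS = 60  # assumption: the page does not state a lifetime for the OT token


class CrmTokenStore:
    """Hypothetical CRM-side store covering steps 5-6 and 10 of the flow."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}        # sha256(OT token) -> (userId, expiry)
        self._access_tokens = {}  # sha256(accessToken) -> userId

    @staticmethod
    def _digest(token):
        # Store only digests so a leaked store does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue_redirect(self, user_id, success_url):
        """Steps 5-6: mint an OT token and append it as the `token` query parameter."""
        ot = secrets.token_urlsafe(32)
        self._pending[self._digest(ot)] = (user_id, self._clock() + OT_TTL_SECONDS)
        sep = "&" if urlparse(success_url).query else "?"
        return success_url + sep + urlencode({"token": ot})

    def exchange(self, ot):
        """Step 10: redeem the OT token once; return userId and accessToken, or None."""
        entry = self._pending.pop(self._digest(ot), None)  # pop makes a replay fail
        if entry is None:
            return None
        user_id, expiry = entry
        if self._clock() > expiry:
            return None
        access = secrets.token_urlsafe(32)
        self._access_tokens[self._digest(access)] = user_id
        return {"userId": user_id, "accessToken": access}


def token_from_success_url(url):
    """Step 7: the application reads the token from the success URL it detected."""
    values = parse_qs(urlparse(url).query).get("token", [])
    return values[0] if len(values) == 1 else None
```

Because the OT token travels in a URL, it can end up in browser history and proxy logs; removing it from the pending set on first use and expiring it quickly limits what a copied URL is worth.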

Last update: February 6, 2023