PBS KIDS GO! provides an extension to its authentication layer by allowing a trusted domain, called the Relying Party (RP), to send its authentication requests to a PBS KIDS GO! authentication page. Upon successful authentication the user is redirected to a page in the RP domain, which must confirm by making a server-to-server call to PBS KIDS, and then proceeds to initiate the RP login session.
By relying on PBS KIDS authentication the RP does not have to manage user credentials or keep a record of users. In fact, the RP is never given access the the user's login credentials. If the user is already logged in on PBS KIDS GO! by the time the user requests authentication on the RP, the user does not have to re-enter its credentials, and is sent to the RP login page automatically. After that, however, the two login sessions are completely separate; specifically, logging out of the RP session does not log the user out of the PBS KIDS GO! session and vice versa.
How to implement this module
- Contact Scott Cummings at firstname.lastname@example.org to request access.
- An RP page that requires authentication provides a link to the PBS KIDS GO! authentication page, passing along a destination parameter which indicates which page the user must be redirected to after successful authentication. (eg: http://pbskids.org/go/apps/auth/login?destination=http://mystation.org/log_me_in.php)
- The PBS KIDS GO! auth page redirects to the RP page, passing along the following parameters in the query string:
- u: the nickname of the user who just logged in
- token: an authentication token which must be verified
- t: the log in timestamp
- If the token is verified successfully, PBS KIDS returns user data along with PBS KIDS GO! user preferences which the RP can store for future use.
The RP must use these parameters to make a server call to PBS KIDS in order to verify the token. We provide a helper class (PBSKIDSUUA) to make this call for the RP.
Several examples can be found in the PHP library located in the following implementation guide. These are for demonstration purposes only; the scripts are not production ready.
Download this file and open the folder called Examples to see PHP examples.
The PHP examples are examples only and are not production ready.