This method of authentication is recommended for clients that do not have access to secure storage, as the authentication token is stored in a secure HTTP-only cookie.
Providing this cookie with subsequent requests works as an alternative to the LoyaltySessionToken HTTP header.
Sign out is handled by the ExpireAuthenticationCookie method.
When using cookie-based authentication, the API will automatically refresh the cookie when the access token has expired.
In addition to the authentication cookie, a second vista-loyalty-member-is-authenticated cookie is returned that can be used by the client to detect whether the patron is authenticated.
Data is to be provided as application/x-www-form-urlencoded form parameters in the format of a member authentication request.
Currently, the external_issuer grant type will fail if the provided external authentication token cannot be linked to a single Loyalty member, and as such is unsuitable for social sign-in flows.
The LockOutPeriodInSeconds property will only be present on the response object if the response has the error code 32000.
Member authenticated cookies created.
The provided grant type, credentials, or refresh token are invalid.
Member locked. Try again later.
{
  "type": "string",
  "status": 0,
  "title": "string",
  "detail": "string",
  "instance": "string",
  "correlationId": "string",
  "errorCode": 0,
  "lockOutPeriodInSeconds": 0
}
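A client-side sketch of the two behaviours described above: detecting the vista-loyalty-member-is-authenticated cookie and honouring lockOutPeriodInSeconds only when errorCode is 32000. This is an added example, not code from the API or its vendor; the function names, the cap and default values, and the assumption that the marker cookie is readable from a Cookie-style string such as document.cookie are all hypothetical.

```javascript
// Added example. Only the cookie name, errorCode 32000 and
// lockOutPeriodInSeconds come from the documentation above.
const MARKER_COOKIE = "vista-loyalty-member-is-authenticated";
const LOCKED_ERROR_CODE = 32000;
const MAX_LOCKOUT_SECONDS = 3600;   // assumed client-side sanity cap
const DEFAULT_LOCKOUT_SECONDS = 60; // assumed fallback for a malformed period

// True when the marker cookie is present. Exact name match only, so a
// look-alike prefix or suffix does not count. This is a UI hint: the
// server still decides from the HTTP-only authentication cookie.
function hasMemberMarker(cookieString) {
  return String(cookieString || "")
    .split(";")
    .map((pair) => pair.trim().split("=")[0])
    .includes(MARKER_COOKIE);
}

// Classify a parsed error body. The lockout period is trusted only
// together with errorCode 32000 and only if it is a sane number.
function classifyAuthError(body, nowMs) {
  if (!body || typeof body !== "object") {
    return { kind: "error", retryAtMs: null };
  }
  if (body.errorCode !== LOCKED_ERROR_CODE) {
    return { kind: "rejected", retryAtMs: null };
  }
  const raw = body.lockOutPeriodInSeconds;
  const valid = Number.isFinite(raw) && raw >= 0;
  const seconds = valid ? Math.min(raw, MAX_LOCKOUT_SECONDS) : DEFAULT_LOCKOUT_SECONDS;
  return { kind: "locked", retryAtMs: nowMs + seconds * 1000 };
}

// Gate for the sign-in form: do not resubmit while a lockout is active.
function maySubmit(lastResult, nowMs) {
  return !(lastResult && lastResult.kind === "locked" && nowMs < lastResult.retryAtMs);
}

// Constructed sample inputs.
const sampleCookies = "theme=dark; vista-loyalty-member-is-authenticated=1";
const sampleLocked = { status: 0, errorCode: 32000, lockOutPeriodInSeconds: 300 };
const sampleResult = classifyAuthError(sampleLocked, 1000);
console.log(hasMemberMarker(sampleCookies), sampleResult, maySubmit(sampleResult, 2000));
```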