How Do User Authentication Mechanisms Work in the Genuin SDK?
Overview
User authentication is a critical part of integrating the Genuin SDK into your mobile or web applications. It ensures that users can securely access community features while maintaining a seamless experience across your digital ecosystem.
To support different product architectures and login systems, Genuin provides three primary authentication mechanisms:
- Single Sign-On (SSO)
- Auto Login
- Bypass Login
Each method supports different integration scenarios depending on whether your platform already has a login system, uses OAuth-based authentication, or requires a lightweight authentication layer.
This guide explains how these mechanisms work and how they apply to mobile and web application integrations.
What Authentication Options Are Available in the Genuin SDK?
1. Single Sign-On (SSO)
What Is SSO?
Single Sign-On (SSO) allows users to authenticate once and then access multiple applications or properties without repeatedly entering credentials.
This is especially useful for brands operating multiple owned and operated (O&O) digital properties, such as:
- Mobile apps
- Websites
- Community platforms
- Commerce experiences
Once SSO is configured, users logged into one property can seamlessly access the community powered by Genuin.
How SSO Works in Genuin
If your organization uses OAuth-based authentication, SSO can be configured directly inside the Brand Control Center.
After configuration, the SDK automatically authenticates users through your existing identity provider.
Typical Implementation Flow
- Configure SSO settings inside the Brand Control Center.
- Connect your authentication provider.
- Configure OAuth or OIDC endpoints.
- Add callback URLs to your authentication provider.
- Test login and authentication flows.
Once configured, users authenticated in your ecosystem will not need to log in again when accessing Genuin-powered experiences.
When Should You Use Auto Login?
2. Auto Login
What Is Auto Login?
Auto Login is used when your application already has its own authentication infrastructure, but does not rely on OAuth-based SSO.
Instead of redirecting users to an external login provider, your system verifies users using a secure authentication API.
How Auto Login Works
In this setup:
- Your app authenticates the user using your existing login system.
- Your system generates an authentication token.
- The token is passed to the Genuin SDK.
- The SDK verifies the token through your authentication API.
- The user session is created inside the Genuin platform.
Key Requirement
You must provide:
- A secure authentication API endpoint that verifies user tokens.
Once verified, the SDK allows the user to access community content and interactions.
What Is Bypass Login?
3. Bypass Login
When Should Bypass Login Be Used?
Bypass Login is designed for applications that do not have an existing login or signup system but still want users to authenticate before engaging with community features.
Instead of requiring a full authentication infrastructure, Genuin provides a built-in login experience.
How Bypass Login Works
When Bypass Login is enabled:
- The SDK displays a white-label login or signup popup.
- Users authenticate directly through the Genuin interface.
- Authentication data is returned to your system’s data warehouse.
This approach allows brands to enable authentication without building a custom login system.
Optional Configuration
If authentication is not required at all:
- Login and signup entry points can be disabled within the SDK upon request.
How Does Authentication Work in Mobile Apps?
Authentication flows vary depending on whether your mobile application already includes a login system.
Case 1: Apps With Existing Login/Signup Systems
Scenario A: Your Own Login System
If users can browse content without logging in but must log in before interacting:
- The SDK triggers a callback to your app
- Your app prompts the user to authenticate
Example interaction triggers include:
- Commenting on videos
- Reacting to content
- Creating posts
Scenario B: Login With SSO
If your app requires login before accessing any content:
- Implement SSO using OAuth
- Configure the integration in the Brand Control Center
Once authenticated, users automatically access the community.
Scenario C: Auto Login
If your platform has its own login system but does not use OAuth:
- Pass your user authentication token to the Genuin SDK.
- The SDK validates the token through your authentication API.
Case 2: Apps Without Login Systems
If the application has no login infrastructure:
- The SDK displays a white-label login/signup popup.
Genuin then:
- Authenticates the user
- Stores authentication data
- Returns relevant user data to your ecosystem through your data warehouse.
How Does Authentication Work in Web Applications?
Web applications follow a similar authentication structure.
However, when SSO is configured in the Brand Control Center using OAuth, no additional authentication configuration is required for web apps.
Web Apps With Login Systems
Your Own Login System
If users can browse content but must log in to interact:
- Genuin triggers a callback
- Your web app handles authentication
Auto Login
If authentication is mandatory:
- Your web app authenticates the user.
- The authentication token is passed to the Genuin SDK.
- The SDK validates the token and creates the session.
Web Apps Without Login Systems
If authentication is required but the web application has no login system:
- The SDK displays a white-label login/signup popup.
If authentication is not required:
- Login entry points can be disabled in the SDK.
SSO Configuration
SSO is configured through Settings > Setup Single Sign-On (SSO) in the Brand Control Center using OAuth or OIDC. This requires identity provider credentials, user attribute mapping, and callback URL configuration.
For complete setup instructions, see: Can Your Users Log in Seamlessly Across Your Brand Ecosystem Using SSO?
How Does the Auto Login Authentication Flow Work?
When Auto Login is implemented, authentication follows a secure multi-step process involving several system components.
Key System Components
- User – End user accessing the application
- Mobile or Web App – Client application
- Genuin SDK – Embedded software layer
- Genuin Backend – Authentication and content services
- Authentication API – Your authentication service
- Data Warehouse – Analytics and data storage system

Authentication and Content Flow
1. Login Initialization
The user logs into your application. The app initializes the Genuin SDK using the user authentication token.
2. Token Verification
The SDK sends an authentication request to the Genuin backend.
The token is validated through:
- Device middleware
- Your authentication API
The API returns user details including:
- Member ID
- Name
3. User Profile Handling
Depending on the user status:
New users
- A new user profile is created in the Genuin system.
Existing users
- The session is refreshed.
A Genuin authentication token is generated for both cases.
4. Content Delivery
Once authentication is complete:
- The backend sends the session token to the SDK.
- The SDK establishes the authenticated session.
- Community content is streamed to the application.
- The user can view and interact with content.
5. User Interaction Tracking
User interactions are captured and sent to the Genuin backend, including:
- User actions
- Content IDs
- Timestamps
6. Analytics Integration
Interaction data can be pushed to analytics platforms such as Mixpanel.
This enables tracking of:
- User engagement
- Session activity
- Content performance
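The Auto Login requirement above (an authentication API endpoint that verifies user tokens and returns the Member ID and Name) can be sketched as follows. This is an added example, not Genuin's code or API: the token format (an HMAC-SHA256-signed JSON payload with an expiry), the key, and the function names are all assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: a server-side signing key held only by your backend (constructed value).
SECRET = b"constructed-demo-key"

class TokenError(Exception):
    """Any token the authentication API must reject."""

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(member_id, name, ttl=300, now=None):
    """Login system side: mint a short-lived token after the user logs in."""
    now = int(time.time()) if now is None else now
    claims = {"member_id": member_id, "name": name, "exp": now + ttl}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return b64e(payload) + "." + b64e(sig)

def verify_token(token, now=None):
    """Authentication API side: return member details or raise TokenError."""
    now = int(time.time()) if now is None else now
    try:
        payload_part, sig_part = token.split(".")
        payload, sig = b64d(payload_part), b64d(sig_part)
    except (ValueError, AttributeError, TypeError):
        raise TokenError("malformed token") from None
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise TokenError("bad signature")
    claims = json.loads(payload)  # parsed only after the MAC has been checked
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise TokenError("expired token")
    if not claims.get("member_id"):
        raise TokenError("missing member_id")
    return {"member_id": claims["member_id"], "name": claims.get("name", "")}
```

Every rejection path raises the same exception type, so the endpoint can map all of them to a single failure response without revealing which check failed.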
Security Considerations
Authentication within the Genuin SDK follows standard security practices:
- Authentication tokens are securely transmitted
- User data is encrypted during transfer
- Session management follows secure authentication protocols
- API errors are captured and communicated through the SDK
These measures ensure that user authentication remains secure, scalable, and reliable across both mobile and web integrations.