¶ 5.3. User Creation Flow
The following figure summarises the SSO (OAuth) user creation flow.
The user creation flows passes through the following stages.
-
The user launches the cTrader application.
-
The platform tries (and fails) to find an existing
accessTokenlocally. -
Upon its failure to find a suitable
accessToken, the platform opens the custom login/signup screen with thefirstLoginparameter equallingtrue. -
The user interacts with the login/signup screen, fulfills their broker’s requirements, and successfully registers on the broker’s CRM.
-
The broker’s backend sends a user creation request to the cTrader backend via API call 3.2.
-
On success, the cTrader backend creates a new user and sends a response containing the
userIdAPI call 3.2. -
The broker’s client area stores the link between the ID of its internal user and the
userId. -
(Optional) The user confirms the agreement forwarded by the broker (API call 3.13.).
-
Following successful user creation, the web browser automatically opens the custom account creation screen. After the account creation form is submitted, a corresponding request is sent to the broker’s backend.
-
As per API call 3.3., the broker’s CRM system submits a request for a trading account creation to the cTrader backend. On success, the cTrader backend sends a request containing the account
login. -
The broker’s client area sends a request for account linkage; upon its fulfilment, the cTrader backend produces a confirmatory response (API call 3.4.).
-
A record of the new trading account is stored in the broker’s CRM system. Subsequently, the CRM system generates a corresponding OT token.
-
The user is redirected to the chosen success URL which also includes the OT token as a query parameter (
token). -
As soon as the user visits the success URL, the application closes the web browser and stores the token.
-
The application opens a new connection with the cTrader backend and sends an authorisation request including
tokenas a parameter. -
The cTrader backend sends a POST-request via REST API to exchange the OT token for a long-term access token (API call 4.2.).
-
The broker’s CRM verifies the
tokenand responds withuserIdandaccessToken(API call 4.2.). -
The cTrader backend authorizes the session under the provided
userIdand returns theaccessTokento the application. -
The platform stores the
accessTokenfor future usage. -
The application starts authorised communications with the cTrader backend.