Stateless registration
Stateless registration is a special type of registration that works only with a Custom Identity Provider; it does not work with browser registration. Stateless registration does not create a user profile.
The Access Token created in the process has the Stateless type and is not stored on the user's device. This makes it possible to implement support for App2App authentication towards external identity schemas that do not allow you to make derived identities (like DigiD) in a custom registration script. This means the app will be registered "just in time" each time a user selects the custom registration method.
The stateless registration flow works the same as the other custom registration flows, except for the following:
- PIN creation is not triggered, which means there is no PIN for the user session.
- The User Profile is not stored, which limits SDK capabilities: Mobile authentication, Implicit authentication, and changing the PIN are not possible.
- The Refresh Token is not stored, which means that once the token expires, it cannot be refreshed and the user needs to register again.
To implement stateless registration:
- Enable ‘Stateless authentication’ in Access admin.
- Head to Configuration → Applications in Access Admin. Once there, you can create a new application or edit an existing one. Either way, to enable stateless authentication, under User authentication, enable ‘Stateless authentication’.
- To use stateless registration, you first need to add a custom identity provider. More on custom identity providers can be found here.
- To register a stateless user, you must call the 'registerStatelessUser' method.
Stateless registration does not create a profile ID. The API returns ‘stateless’ as the profileId to indicate a stateless flow; this value should not be used in other APIs.
If stateless authentication is not enabled in Access admin, an error will be thrown when calling registerStatelessUser.