Returning users
Learn how user tokens provide a seamless Argyle Link experience.
By initializing Argyle Link with a user token in your configuration, users can exit and return to Argyle Link with their progress and account details preserved:
- Users will not need to re-enter already provided login credentials
- Users can return to Argyle Link from any device and resume their current session
- You prevent duplicate users being created for the same end user
Common use cases#
Reconnecting accounts#
If a user's previously connected payroll account becomes disconnected:
- Initialize Argyle Link by deep linking the user directly to the disconnected account, with a user token included in your configuration
- The user simply has to select Reconnect, allowing them to re-authenticate their account without the need to re-enter login credentials
- Once the account is reconnected, Argyle will resume retrieval of payroll data from the account
The frequency of account disconnections depends on the connected account's payroll system. Some payroll systems have connection timeouts, while others can require re-authentication if the user has logged in recently from another device.
Direct deposit updates#
Depending on your use case (e.g. paycheck-linked lending) you may want users to initially connect their payroll accounts through Argyle Link, return to your website or application for additional steps, and then return to Argyle Link to make a direct deposit update.
In this case, include a user token in your configuration when initializing Argyle Link for direct deposit updates.
User account management#
Allow users to return to Argyle Link from your website or application so they are able to:
- Connect additional payroll accounts (for example, if the user has a new job)
- Make changes to their direct deposit settings
- Revoke access at any time to their connected payroll accounts
Completing MFA#
Some payroll systems require multi-factor authentication (MFA) when a payroll account is connected from a new device, or changes are made to a user's direct deposit settings.
Including a user token in your Argyle Link configurations allows the user to seamlessly exit, retrieve any information necessary for the MFA process, and return to Argyle Link to complete MFA.
Best practices#
Argyle recommends always including a user token in your configuration when Argyle Link is initialized for a user, including new users.
A new user token should be generated every time you are initializing Argyle Link for a user. For security purposes, user tokens are short-lived and will expire.
Beyond security benefits and providing users with a more consistent experience, this helps prevent duplicate accounts being created for the same end user. When Argyle Link is initialized without a user token, the user will be considered a new user and a new user object will be created.
Following a transition period beginning Q1 of 2023, user tokens will be required in all Argyle Link configurations.
Creating a user token#
Ensure user tokens are requested on your server side to prevent your API key and secret from being exposed on the front-end.
Returning users#
- Send a POST request to the
/user-tokens
endpoint and include theid
of the user in the request body as a JSON object in the format{"user": "<id>"}
- The response payload will include an
access
andrefresh
token - Initialize Argyle Link using only the
access
token as the user token
New users#
- Create a new user by sending a POST request to the
/users
endpoint - The response payload will include a
token
andid
- Save the
id
for quickly creating user tokens for returning users in the future - Initialize Argyle Link using the
token
as the user token
Example configurations#
1<!DOCTYPE html>
2<html>
3
4<head>
5 <meta charset="utf-8" />
6</head>
7
8<body>
9 <script src="https://plugin.argyle.com/argyle.web.v3.js"></script>
10 <script type="text/javascript">
11 const argyle = Argyle.create({
12 linkKey: 'YOUR_LINK_KEY', // Link keys can be found in Console
13 apiHost: 'https://api-sandbox.argyle.com/v1', // Sandbox environment. Can be changed to the Production environment.
14 userToken: 'USER_TOKEN' // Insert the new user token here
15 })
16 argyle.open()
17 </script>
18</body>
19
20</html>
Decoded tokens#
Argyle utilizes JWT tokens for user tokens.
For troubleshooting, JWT tokens can be decoded. However, we do not recommend monitoring individual token fields such as expiry date, and instead recommend creating a new user token every time Argyle Link is to be initialized as a best practice.
Decoded JWT token payload:
1{
2 "client_id": "0d9b5bf3-97fa-4757-a136-b2a03d171414",
3 "exp": 1652481485,
4 "iat": 1649889485,
5 "iss": "argyle-core-auth-prod",
6 "jti": "00097a26-2f2a-4aa0-8eca-95ebe56d57a8",
7 "sub": "017f8978-bbfd-ff64-18ce-d59f99bf51c2",
8 "user_id": "017f8978-bbfd-ff64-18ce-d59f99bf51c2"
9}
client_id
- client's unique identifierexp
- expiry date in seconds Unix timeiat
- issue date in seconds Unix timeiss
- issuer of the tokenjti
- unique token idsub
- subject of the token (user_id
)user_id
-user_id
of the user
Returning Users sample app#
Our Returning Users Sample App features a live demo of how Argyle Link will appear for returning users across different use cases.