Yatta Checkout User Guide

Yatta Authentication

Using Yatta Authentication, you can implement an authentication process that fulfills the requirements of the OAuth 2.0 protocol.

When setting up Yatta Authentication, keep in mind the following two roles:

  • Client: Apps that use Yatta Authentication to handle user logins

  • User: People who use Yatta Checkout because they are vendor customers.

Setting up a client

The following procedure assumes you are a vendor and want to register and set up a client.

  1. Open the vendor portal and sign in with your Yatta account if prompted.

  2. In the menu on the left, click on Authentication.

  3. Click Create OAuth clientID.

  4. Enter the following for your OAuth client:

    • A client logo (.svg or .jpeg file, max 5 MB)

    • A display name

    • Any redirect URLs. (For example, in the demo app use http://localhost:8080/login/oauth2/code/yatta.)

      Note: When going live, remember to add redirect URLs for all systems using Yatta Authentication.

  5. Check the box to enable PKCE (Proof Key for Code Exchange) for each login (see https://oauth.net/2/pkce/ and web standard RFC 7636 for more information on PKCE).

  6. Click Save. Your Client ID (username) and Client Secret (passcode) are displayed at the bottom of the screen.

  7. The endpoint URLs (authorization endpoint, token endpoint and issuer endpoint) are also displayed below the Client ID and Client Secret. For a detailed description, see “Key Yatta Authentication endpoints.”

You are now ready to set up your application for Yatta Authentication!

Important: You will need your Client ID and Secret as well as the issuer URL and endpoints during the implementation. Below you'll find an example implementation using Spring Boot.

Key Yatta Authentication endpoints

Endpoint description      URL
Authorization endpoint    https://yatta.de/oauth2/authorize
Token endpoint            https://yatta.de/oauth2/token
Issuer                    https://yatta.de
JSON Web Key Sets         https://yatta.de/oauth2/jwks
OpenId configuration      https://yatta.de/.well-known/openid-configuration
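
Step 5 of the client setup enables PKCE. The following is an added example, not code from the Yatta guide or its demo app: it shows, with the JDK only (Java 10 or later assumed), what RFC 7636 requires of a client that sends its login to the authorization endpoint listed above, and the check the token endpoint then applies. The class and method names are illustrative, and YOUR_CLIENT_ID is a placeholder.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class PkceExample {
    // Authorization endpoint as listed under "Key Yatta Authentication endpoints".
    static final String AUTHORIZE = "https://yatta.de/oauth2/authorize";
    static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    // RFC 7636 section 4.1: 32 random bytes give a 43-character verifier.
    static String newVerifier() {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        return B64URL.encodeToString(raw);
    }

    // RFC 7636 section 4.2, method S256: BASE64URL(SHA-256(ASCII(verifier))).
    static String challenge(String verifier) throws Exception {
        byte[] ascii = verifier.getBytes(StandardCharsets.US_ASCII);
        return B64URL.encodeToString(MessageDigest.getInstance("SHA-256").digest(ascii));
    }

    // Section 4.6: the check the token endpoint makes before releasing tokens.
    static boolean serverAccepts(String storedChallenge, String verifier) throws Exception {
        return MessageDigest.isEqual(storedChallenge.getBytes(StandardCharsets.US_ASCII),
                challenge(verifier).getBytes(StandardCharsets.US_ASCII));
    }
    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }

    // Front-channel request: only the challenge travels through the browser.
    static String authorizationUrl(String clientId, String redirectUri, String state, String ch) {
        return AUTHORIZE + "?response_type=code&client_id=" + enc(clientId)
                + "&redirect_uri=" + enc(redirectUri) + "&state=" + enc(state)
                + "&code_challenge=" + enc(ch) + "&code_challenge_method=S256";
    }

    public static void main(String[] args) throws Exception {
        // Known-answer check against the RFC 7636 Appendix B test vector.
        if (!challenge("dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk")
                .equals("E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM")) throw new IllegalStateException();
        String verifier = newVerifier();   // kept in the client's session, never sent to the browser
        String ch = challenge(verifier);
        String state = newVerifier();      // random state value, generated the same way
        System.out.println(authorizationUrl("YOUR_CLIENT_ID",
                "http://localhost:8080/login/oauth2/code/yatta", state, ch));
        System.out.println("matching verifier accepted: " + serverAccepts(ch, verifier));
        System.out.println("different verifier accepted: " + serverAccepts(ch, newVerifier()));
    }
}
```

The last two lines print true and false: an authorization code is only redeemable by the party holding the verifier that matches the challenge sent in the original request.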

Testing Yatta Authentication

Note: We recommend reading the Spring Boot and OAuth 2.0 Tutorial if you would like to see a complete example implementation.

Use our demo app to quickly test Yatta Authentication. For this process, you only need your Client ID and Client Secret (see above).

  1. Clone the following GitHub repository: https://github.com/YattaSolutions/de.yatta.ide-intruders-webgame/

  2. Within this repository, access the subfolder /springboot-oauth2-client-sample/src/main/resources/ and open the file application.properties.

  3. Replace with your Client ID in the following code section.

  4. Replace with your Client Secret in the following code section:

  5. Save and close the file.

  6. Run the demo app in your IDE of choice or right from the command line with .

  7. Access the following address in your browser:

  8. You are now assigned user tokens for your users. These user tokens are used to authenticate their logins on the server. The tokens include:

    • User ID

    • User email address

    • User access token