PlanetGraph Login+
Turn every sign-up and login into richer context for your product.
Instead of starting with a blank profile, connect your app to a living graph where PlanetGraph records relationships for future insights.
| Benefit | Regular Login / Sign up | PlanetGraph Login+ |
|---|---|---|
| User information | Only what the login provider gives you (name, email, profile picture) | Rich context about the user and their relationships in the graph |
| Enrichment | Ask the user for more information or integrate with 3rd-party services | All-in-one: login / sign-up and enrichment are combined |
| Updates | Ask the user to update their information | PlanetGraph automatically updates the user's information when it changes |
| De-duplication | Implement yourself | PlanetGraph automatically de-duplicates based on graph relationships |
Quick Start: Client-Side JavaScript
Use the hosted widget when you want to start PlanetGraph Login+ from inside your own app UI. The widget renders a PlanetGraph sign-in button and opens a PlanetGraph-hosted popup for the actual authentication flow.

```html
<script
  src="https://planetgraph.ai/widgets/login-plus.js"
  data-app-id="APP_UUID"
  data-button-text="Sign in with PlanetGraph">
</script>
```

For single-page apps or custom UI, mount it explicitly and choose a result mode:
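
```html
<div id="planetgraph-login"></div>
<script src="https://planetgraph.ai/widgets/login-plus.js"></script>
<script>
  PlanetGraphLogin.mount('#planetgraph-login', {
    appId: 'APP_UUID',
    // Value generated by your app for this login attempt; it is returned
    // unchanged so the result can be matched to the session that started it.
    state: 'APP_GENERATED_STATE',
    resultMode: 'web_message',
    onSuccess(result) {
      console.log(result.person_id)
      // Forward login_token to your backend for verification before trusting it.
      console.log(result.login_token)
    }
  })
</script>
```

Quick Start: Hosted Redirect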
- Your app sends the user to https://planetgraph.ai/login_with?app_id=YOUR_APP_UUID&state=YOUR_STATE.
- The user signs up or logs in using their preferred provider.
- PlanetGraph fetches all the information it has on the user, subject to access policies, and links your app to the user.
- PlanetGraph redirects back to your specified callback URL with rich information on the user.
This hosted redirect flow remains supported. It is the simplest backend-oriented integration and requires a callback URL on the app node. It uses the same signed callback token as the JavaScript widget's default callback mode.
Managing Apps
Create and review PlanetGraph Login+ apps from the app dashboard. App definitions are graph nodes, so they can also be managed through the graph API.
App Node Properties
| Property | Required | Description |
|---|---|---|
| name | Yes | Display name shown on the PlanetGraph Login+ page. |
| description | No | Short app description shown to the user before login. |
| logo_url | No | URL for the app logo displayed on the login page. |
| auth_methods | No | Allowed methods such as email, Google, and GitHub. Defaults to all methods. |
| permissions | No | Requested data permissions for the app. |
| allowed_origins | No | Browser origins allowed to start client-side JavaScript and web_message flows, such as https://client.example.com. |
| callback_url | No | URL on your server that receives the login result in hosted redirect or callback result mode. |
Callback
For callback result mode, PlanetGraph redirects the user's browser to your app's callback_url with an HTTP GET request. The callback data is sent as URL query parameters; no request body is sent.
If your callback URL already has query parameters, PlanetGraph preserves them and appends the login result parameters.
The optional state value is generated by your app before redirecting to PlanetGraph. PlanetGraph returns the same value in both the callback query string and signed token so your server can match the callback to the browser session that started the login.
| Query Parameter | Description |
|---|---|
| person_id | UUID of the PlanetGraph Person node for the authenticated user. |
| app_id | UUID of your PlanetGraph app node. |
| login_id | UUID of the logged_into edge for this login event. |
| auth_method | Authentication method used for this login. |
| state | Optional value supplied by your app and returned unchanged for callback/session matching. |
| login_token | Short-lived signed token your server should verify before trusting the callback. |
Security
Every callback includes a short-lived signed login_token. The token binds the Person ID, App ID, login ID, auth method, optional state, issue time, and expiration time to the callback so your server can confirm the login result came from PlanetGraph before trusting it.
Your callback handler should read the login_token and state from the callback query string, verify the token server-side, and confirm the returned state matches the browser session that initiated login before creating a session or updating local user data.
web_message mode sends the same signed login result to the opener window using postMessage. Use it for client-side personalization, prototypes, or flows that immediately forward login_token to your backend. Do not create a privileged or durable session solely from browser-delivered data.
/api/v1/login-with/callback-token/verify

Submit the login_token to verify the signature and expiration, then use the verified payload returned by PlanetGraph.
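
The callback checks described above, as an added Node.js example (not PlanetGraph's own code). The `session` object and the injected `verifyToken` function are hypothetical: `verifyToken` stands in for a call to the verify endpoint, whose request and response format this page does not show, and the verified payload's field names are assumed to mirror the query parameter names.

```javascript
// Added example (Node.js): checks a server performs on a Login+ callback.
const crypto = require('node:crypto');

// Create the state value before redirecting; store it in the server-side session.
function newState() {
  return crypto.randomBytes(32).toString('hex');
}

// Constant-time comparison; hashing first makes unequal lengths safe to compare.
function safeEqual(a, b) {
  const h = (v) => crypto.createHash('sha256').update(String(v)).digest();
  return crypto.timingSafeEqual(h(a), h(b));
}

// callbackUrl:   full URL PlanetGraph redirected the browser to
// session:       hypothetical server-side session holding { state }
// expectedAppId: this app's UUID
// verifyToken:   async (login_token) => verified payload; throws if rejected.
//                Assumed to wrap /api/v1/login-with/callback-token/verify, and
//                payload field names are assumed to match the query parameters.
async function handleCallback(callbackUrl, session, expectedAppId, verifyToken) {
  const query = new URL(callbackUrl).searchParams;
  const token = query.get('login_token');
  const state = query.get('state');
  const expected = session.state;
  if (!token) return { ok: false, reason: 'missing login_token' };
  if (!expected || !state || !safeEqual(state, expected)) {
    return { ok: false, reason: 'state mismatch' };
  }
  session.state = null; // single use: a replayed callback no longer matches

  let payload;
  try {
    payload = await verifyToken(token);
  } catch {
    return { ok: false, reason: 'token rejected' };
  }
  // Trust only the verified payload, never person_id/app_id from the query string.
  if (payload.app_id !== expectedAppId) return { ok: false, reason: 'wrong app' };
  if (!safeEqual(payload.state, expected)) return { ok: false, reason: 'token state mismatch' };
  return { ok: true, personId: payload.person_id, loginId: payload.login_id };
}
```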
Endpoints
| Endpoint | Description |
|---|---|
| /api/v1/login-with/apps/{app_id} | Read public app metadata for the login page. |
| /api/v1/login-with/apps/{app_id}/complete | Complete an authenticated login and return either a callback redirect URL or a web_message payload. |
| /api/v1/login-with/callback-token/verify | Verify a signed callback token before trusting the login result. |
| /api/v1/login-with/apps | List apps owned by the current PlanetGraph account. |
| /api/v1/login-with/apps | Create an app node configured for PlanetGraph Login+. |