Klarna Docs - Integrate with Klarna checkout

Integrate with Klarna checkout

Sign in with Klarna integrates with Klarna checkout, so users are authenticated only once during sign in and checkout.

The Sign in with Klarna access token is passed to Klarna checkout so that the user can skip a second authentication step. Data from the id_token generated in the Sign in with Klarna flow can be passed to prefill user data in Klarna checkout.

As a prerequisite, make sure Klarna checkout is integrated with your checkout. If this isn't the case, perform a Klarna checkout integration. 

To have Klarna recognize an authenticated user, you need to pass the OAuth access_token to the Klarna checkout API.

To do so, you need to get a new access_token first as the access_token has a short validity for security reasons.

Refresh tokens to retrieve a new access_token with a fresh validity.

Refresh tokens are valid for 60 days.

To use the refresh token to get new access, refresh, and id tokens, the client needs to perform a token exchange through a POST request to the token endpoint https://login.klarna.com/{region}/lp/idp/oauth2/token.

To get a success response, include the following required parameters in your POST request to the https://login.klarna.com/{region}/lp/idp/oauth2/token endpoint.

| Parameter | Description |
| --- | --- |
| refresh_token | The new token to be used for future refresh requests. |
| client_id | The client identifier of your application. It's the same client_id that is used with the SDK to sign in. |
| grant_type | As defined in the OAuth 2.0 specification, this field must contain a value of refresh_token. |

To refresh the tokens on playground, please use the following URLs.

EU: https://login.playground.klarna.com/eu/lp/idp/oauth2/token
NA: https://login.playground.klarna.com/eu/lp/idp/oauth2/token

Example of a refresh token request

HTTP
POST /eu/lp/idp/oauth2/token HTTP/1.1
Host: login.klarna.com
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token&refresh_token=my-old-refresh-token&client_id=my-client-id

Success response

Klarna responds to the request by returning a JSON object that contains the short-lived access_token and long-lived refresh_token and id_token.

JSON
{
  "id_token": "jwt-id-token",
  "access_token": "jwt-access-token",
  "expires_in": 299,
  "token_type": "Bearer",
  "refresh_token": "opaque-refresh-token"
}

Refresh tokens can only be used once. For that reason, you have to replace the refresh_token you have used to make the refresh request with the new refresh_token returned in response to the request.

Pass the new access_token to Klarna checkout create order

Now that you have a fresh access_token, include it in the POST create order request to the Klarna checkout API. Add it to the customer object under the klarna_access_token key, as shown in the example below.

If the klarna_access_token is valid, the user will be recognized by Klarna checkout. Otherwise, the user will be asked to reauthenticate.

JSON
{
  ...
  "customer": {
    ...
    "klarna_access_token": "access_token"
    ...
  }
  ...
}
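
The refresh step and the create order step described above, sketched as server-side JavaScript. This is an added example, not code from Klarna's documentation or SDK: `createRefresher`, `withKlarnaAccessToken`, `store`, `postForm` and `demo` are hypothetical names, and the demo runs against a constructed in-memory token endpoint that rejects a reused refresh token.

```javascript
// Added example, not Klarna code. `store` ({load, save}) and `postForm` are
// hypothetical interfaces you supply; endpoint and field names are from the page.
const tokenUrl = (region) => `https://login.klarna.com/${region}/lp/idp/oauth2/token`;

// Parameters go in the form body, never the URL, so the refresh token stays
// out of proxy and access logs.
function buildRefreshRequest(region, clientId, refreshToken) {
  const body = new URLSearchParams({
    grant_type: "refresh_token", refresh_token: refreshToken, client_id: clientId,
  }).toString();
  return { url: tokenUrl(region), method: "POST", body,
    headers: { "Content-Type": "application/x-www-form-urlencoded" } };
}

// One refresher per user. Refresh tokens are single use, so concurrent callers
// share one in-flight exchange instead of each spending the same token.
function createRefresher({ region, clientId, store, postForm }) {
  let inFlight = null;
  return function getFreshAccessToken() {
    if (!inFlight) {
      inFlight = (async () => {
        const res = await postForm(buildRefreshRequest(region, clientId, await store.load()));
        if (!res.access_token || !res.refresh_token) throw new Error("token refresh failed");
        await store.save(res.refresh_token); // persist the rotated token first
        return res.access_token;
      })().finally(() => { inFlight = null; });
    }
    return inFlight;
  };
}

// Put the fresh token under customer.klarna_access_token in the create-order body.
const withKlarnaAccessToken = (order, token) =>
  ({ ...order, customer: { ...order.customer, klarna_access_token: token } });

// Constructed demo: an in-memory store and a fake token endpoint that rejects reuse.
async function demo() {
  let saved = "rt-1", calls = 0;
  const store = { load: async () => saved, save: async (t) => { saved = t; } };
  const postForm = async ({ body }) => {
    const sent = new URLSearchParams(body).get("refresh_token");
    if (sent !== saved) throw new Error("refresh token already used");
    calls += 1;
    return { access_token: `at-${calls}`, refresh_token: `rt-${calls + 1}`, expires_in: 299 };
  };
  const refresh = createRefresher({ region: "eu", clientId: "my-client-id", store, postForm });
  const [a, b] = await Promise.all([refresh(), refresh()]); // two concurrent checkouts
  const order = withKlarnaAccessToken({ customer: { email: "user@example.com" } }, a);
  return { a, b, calls, saved, order };
}
```

In a real integration, `postForm` would be your HTTPS client call to the token endpoint and `store` your server-side session storage for that user.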