DataFirefly Social Connect — Documentation
Install and configure Google, Apple and Facebook social login: OAuth, analytics dashboard, welcome voucher, signed CRM webhook, GDPR.
Overview
DataFirefly Social Connect adds three social sign-in buttons (Google, Apple, Facebook) to PrestaShop 8 and 9, coupled with a full analytics dashboard. The module doesn’t just authenticate: it measures conversion, automatically issues welcome vouchers, feeds your CRM via a signed webhook, and stays 100% GDPR-compliant.
The goal is twofold: remove signup friction (one click instead of a form) and measure real business impact (clicks, conversions, revenue generated by social customers).
Installation
- Download the
dfsocialconnect.ziparchive from your customer account on datafirefly.com. - In the PrestaShop back office, go to Modules > Module Manager > Upload a module and drop the ZIP.
- Click Install. The module creates 5 tables (
ps_dfsc_identity,ps_dfsc_log,ps_dfsc_stats_daily,ps_dfsc_button_click,ps_dfsc_consent) and a hidden BO tabAdminDfSocialConnect. - Click Configure. You land on an empty dashboard — first data points appear as soon as a user clicks a social button.
The module is compatible with PrestaShop 8.0.0 through 9.99.99 and PHP 7.4 to 8.3. No external Composer dependency is required: a minimal PSR-4 autoloader is included.
Provider configuration
Each provider requires OAuth credentials obtained from its developer console. The module displays the exact callback URL to paste into each console — this is the most important step: any typo causes a redirect_uri_mismatch error.
Google OAuth2 / OpenID Connect
- Go to https://console.cloud.google.com/apis/credentials.
- Create or select a project, then click Create credentials > OAuth 2.0 Client ID.
- Application type: Web application.
- Under Authorized redirect URIs, paste the URL shown in the “Providers” tab of the module configuration (format:
https://your-shop.com/module/dfsocialconnect/callback?provider=google). - Copy the Client ID and Client Secret and paste them into the module.
- Enable the “Google enabled” toggle.
Apple Sign In
- Go to https://developer.apple.com/account/resources/identifiers/list (paid Apple Developer account required).
- Create a Services ID (not an App ID). Note its identifier — that’s your Client ID.
- Enable Sign In with Apple on this Services ID, configure your shop domain and paste the callback URL shown by the module (provider=apple) as the Return URL.
- Under Keys, create a new key with Sign In with Apple enabled. Download the
.p8file — you will never be able to retrieve it again. - Get your Team ID (top right of the Apple console), your Key ID (the identifier of the key created in step 4) and the full content of the .p8 file (including the BEGIN PRIVATE KEY and END PRIVATE KEY lines).
- Paste all 4 fields into the module configuration (Services ID, Team ID, Key ID, .p8 content).
- Enable the “Apple enabled” toggle.
The module signs the ES256 client_secret JWT on the fly and automatically regenerates it every 5 months (Apple’s maximum allowed validity is 6 months). No manual rotation required.
Facebook Login
- Go to https://developers.facebook.com/apps.
- Create a new app of type Consumer.
- In Add products, add Facebook Login.
- Under Facebook Login > Settings, paste the callback URL shown by the module (provider=facebook) into Valid OAuth Redirect URIs.
- Get the App ID and App Secret under Settings > Basic and paste them into the module.
- Enable the “Facebook enabled” toggle.
The module uses Graph API v19.0 and automatically enables appsecret_proof, which prevents replay of a stolen access token by requiring an HMAC signature of the app secret.
Behaviour tab
This tab controls what happens once social login succeeds.
- Auto-link by verified email — if the email returned by the provider is marked verified and matches an existing customer account, the module automatically links the provider to that account instead of creating a new one. Recommended: ON.
- Import avatar — downloads the profile picture into
/img/dfsc/avatars/<id_customer>.<ext>(2 MB limit, JPEG/PNG/WebP MIME whitelist). Survives provider CDN expiry. - Welcome voucher — for each new account created via social login, the module creates a single-use PrestaShop CartRule for the customer. Configure the prefix (default
WELCOME), amount and validity duration. - Customer group per provider — assign a PrestaShop group ID to each provider (Google / Apple / Facebook). Useful to segment your marketing campaigns by origin.
- Default newsletter opt-in — if enabled, the created customer is marked as subscribed (only enable this if your process includes a GDPR-compliant double opt-in).
- Rate limiting — maximum number of attempts per IP in a 15-minute window. Default: 30. Beyond that, the user receives a “Too many attempts” message.
- Log retention — number of days to keep raw logs (
ps_dfsc_logandps_dfsc_button_click). The daily rollup (ps_dfsc_stats_daily) is kept indefinitely and powers the dashboard.
Appearance tab
Choose the visual rendering of the buttons:
- Style — 5 variants: rounded (default, 8 px corners), pill (fully rounded), square (sharp), ghost (transparent with border), minimal (compact).
- Label mode — 3 modes: Continue with X (default, neutral), Sign in with X (login page), Sign up with X (signup page).
- Show on login page and Show on signup page — independent toggles.
- My account widget — displays a “Connected accounts” section in the customer area, letting them link or unlink each provider at any time (GDPR requirement).
Analytics dashboard
The first tab of the configuration aggregates stats over a 30-day rolling window by default (configurable).
- 4 KPI cards — Successful logins, Button clicks, New customers created, Failures.
- Time-series curve — successful logins per day, split by provider (Google blue, Apple black, Facebook Meta blue).
- Provider split — Chart.js doughnut with each provider’s percentage.
- Conversion rate per provider — click vs successful login. Identifies a misconfigured provider (abnormally low rate).
- Device and browser breakdown — bar chart aggregated over the window.
- Day × hour heatmap — 7 × 24 grid in 7 shades of blue. Identify usage peaks to fine-tune your campaigns.
- Social penetration — percentage of your customer base that has at least one provider linked.
- Revenue generated by social customers — sum of paid orders from customers created via social login, computed by SQL JOIN on
ps_orders.
CRM webhook
On each successful login or account link, the module can send an HTTP POST request to a URL of your choice, in fire-and-forget mode (your endpoint’s response time does not affect user login time).
- Webhook URL — HTTPS endpoint recommended. Make, n8n, Zapier or your in-house stack.
- Shared secret — used to sign the payload via HMAC-SHA256. The signature is sent in the
X-Dfsc-Signatureheader. On the receiving side, recompute the HMAC over the raw body to validate authenticity.
Sample payload:
{
"event": "social_login_success",
"provider": "google",
"id_customer": 1234,
"email": "marie.dupont@example.com",
"is_new_account": true,
"ip": "203.0.113.42",
"timestamp": 1748378400
}
GDPR and consent
The module is designed to be GDPR-compliant by design:
- On each social login, a row is inserted into
ps_dfsc_consentwith timestamp, IP, user agent and provider — that’s your audit trail. - The “Connected accounts” widget in My account lets the customer unlink a provider at any time.
- Uninstalling the module cleanly removes the 5 tables and all configuration keys. Customer accounts stay intact.
- No OAuth secret ever travels in clear: all exchanges go through HTTPS and the Apple JWT is signed locally with your .p8 key.
Uninstall
From Modules > Module Manager, uninstall the module. The process:
- Removes the 5
ps_dfsc_*tables. - Removes the
AdminDfSocialConnectBO tab. - Removes all
DFSC_*configuration keys. - Customer social links are erased but customer accounts and their orders stay intact. Cached avatars in
/img/dfsc/avatars/are removed.
Troubleshooting
“redirect_uri_mismatch” error (Google) — the URL pasted into the Google console does not match exactly the one shown by the module. Check the scheme (https), domain (with or without www), and full path. No trailing characters (slash, space).
“invalid_client” error (Apple) — your client_secret JWT is invalid. Common causes: wrong Team ID or Key ID, truncated .p8 content (check the BEGIN/END PRIVATE KEY lines), or Services ID confused with App ID.
“Invalid OAuth access token signature” error (Facebook) — your App Secret is wrong. Regenerate it from Settings > Basic and paste it again.
“Too many attempts, please wait” — rate limiter triggered. Either wait 15 minutes or raise the threshold in Behaviour.
Stats don’t go up — check that ps_dfsc_button_click receives rows (a click in incognito mode should be enough). If nothing is written, the front controller is likely unreachable: check your URL rewriting rules.
The welcome voucher is not created — check that the feature is enabled in Behaviour, that the amount and prefix are set, and that the customer account was actually created (not just linked to an existing one — auto-link does not issue a voucher).