Auth0 migrating from lock widget to auth0-js: How to customize look and feel - auth0

My angular app uses auth0 for authentication. Earlier, it used the lock widget to show the login dialog. Now I am migrating to auth0-js, as specified in this guide.
Earlier, I could customize the lock widget and provide my own logo and theme color by following parameters.
theme: {
  logo: 'assets/images/mylogo.png',
  primaryColor: '#0275d8'
},
But, I cannot find anything similar in auth0-js.
Is there any way I can provide a custom logo to the login screen?

Auth0.js - Client Side Javascript toolkit for Auth0 API access.
https://github.com/auth0/auth0.js
You can think of auth0.js as "headless". It does not offer any look & feel customization, instead you integrate it with whatever custom UI solution you are using.
Lock - Authentication broker that supports authentication via username / password, social as well as enterprise identity providers.
https://github.com/auth0/lock
Lock offers a UI "widget" right out of the box, and then allows you to add settings that customize that UI (login, signup, forgot password, additional connection types etc.).
So your decision is really Lock vs. Custom UI - the Auth0 docs offer some good advice here to help you make the right decision.
https://auth0.com/docs/libraries/when-to-use-lock

Related

Vaadin non-mandatory login

I am experienced Java backend developer, but an absolute novice with front-end and now I am trying to do web app with Vaadin for the first time in my life.
I got an idea how to create a main view but stumbled on login implementation.
In my application login is not mandatory. If user is not logging in it shall allow him to view the data in grid format and by clicking on a record get some additional details.
If user wants more functionality he is suppose to login and based on the user credentials there should be some changes in the grid view and some additional buttons shall appear, that will allow creating new entries and do something else.
I did go through the Vaadin tutorial, but it only explains what was written in their application, but doesn't teach how to do other things. I tried to find some clues in components documentation and Javadoc, but got lost there.
If someone can give me some tips on where to start digging, I will appreciate greatly.
Vaadin uses Spring Security.
You can use annotations to secure a whole view. But if you want to change certain parts of the view, you must do that programmatically.
Spring Security provides the SecurityContextHolder class to access the logged in user and the roles.
To check if the user has a certain role you can do
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

Authentication auth = SecurityContextHolder.getContext().getAuthentication();
// auth is null when nobody is logged in; compare against the authority string exactly as it is
// stored (e.g. "ROLE_ADMIN" if your roles use Spring's ROLE_ prefix)
if (auth != null && auth.getAuthorities().stream().anyMatch(a -> a.getAuthority().equals("ADMIN"))) {
    ...
}

How to disable/enable Sign Ups for a specific application with Auth0?

Is there a way to disable or enable sign ups for a specific application which is independent of the “Disable Sign Ups”-toggle in the dashboard for login with passwordless email (Authentication/Passwordless/Email)?
Only partly.
It's possible via a Pre-User-Registration Hook and/or a Rule with some caveats.
Pre-User-Registration Hooks :
https://auth0.com/docs/customize/hooks/extensibility-points/pre-user-registration
Something like this:
module.exports = function (user, context, cb) {
  // Deny every registration that reaches this hook (database and passwordless connections only)
  return cb(new PreUserRegistrationError('Denied user registration in Pre-User Registration Hook', 'You are not allowed to register.'));
};
Here you can just fail the registration at all times.
Problem with Hooks is that the Pre-User-Registration Hook does not trigger for social connections / federation, only Database Connections and Passwordless.
Alternatively via Rule:
https://auth0.com/docs/customize/rules
This will always work, but the downside is that the user gets created in Auth0, they will just not be able to further proceed.
In the Rule you basically check the number of logins, if it's 0, you know that it's a new user, and block the login that follows right after user creation (signup) as well as any other time.
Example rule:
https://auth0.com/rules/disable-social-signup
Related earlier answer of mine regarding this, in the Auth0 forum:
https://community.auth0.com/t/disable-signup-from-auth0-ui-and-enable-social-login/29227/2
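As an added example (not the answer's code and not Auth0's published disable-social-signup rule), here is a Rule that applies the answer's approach to one application: it refuses the first login and records the refusal in app_metadata so the same user stays refused on later logins, when the login counter alone would no longer identify them. The client ID is a placeholder, and decideSignup is a helper introduced here so the decision can be checked without the Auth0 runtime.

```javascript
// Added example, not Auth0's code. Blocks sign-up for listed applications by
// refusing the login that follows user creation and remembering the refusal.
const SIGNUP_DISABLED_CLIENT_IDS = ['REPLACE_WITH_YOUR_CLIENT_ID']; // placeholder
const DENIED_MESSAGE = 'Sign-ups are disabled for this application.';

// Pure decision: returns { allow, persist, reason } so it can be tested offline.
function decideSignup(user, context) {
  if (SIGNUP_DISABLED_CLIENT_IDS.indexOf(context.clientID) === -1) {
    return { allow: true, persist: false }; // other applications are untouched
  }
  user.app_metadata = user.app_metadata || {};
  if (user.app_metadata.signup_denied) {
    // Refused once already; the login counter has moved on, so rely on the flag.
    return { allow: false, persist: false, reason: DENIED_MESSAGE };
  }
  const logins = (context.stats && context.stats.loginsCount) || 0;
  if (logins > 1) {
    return { allow: true, persist: false }; // user with a real login history
  }
  // First login right after user creation: this is the sign-up. The answer counts
  // it as 0 and Auth0's rule pipeline reports 1, so anything at or below 1 is treated
  // as the sign-up login. The user record already exists in Auth0 (the caveat in the
  // answer); flag it so later logins are refused too, not just this one.
  user.app_metadata.signup_denied = true;
  return { allow: false, persist: true, reason: DENIED_MESSAGE };
}

// Rule entry point in Auth0's (user, context, callback) shape. `auth0` is the
// management helper Auth0 injects into Rules; it is only reached on the persist path.
function disableSignupForApp(user, context, callback) {
  const decision = decideSignup(user, context);
  if (decision.allow) {
    return callback(null, user, context);
  }
  if (!decision.persist) {
    return callback(new Error(decision.reason));
  }
  auth0.users.updateAppMetadata(user.user_id, user.app_metadata)
    .then(() => callback(new Error(decision.reason)))
    .catch(() => callback(new Error(decision.reason)));
}
```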
I just figured out I can create another 'Tenant' (from the dashboard) with a different setting for Sign Up from the dashboard :-)
You could implement a custom Universal Login SPA for sign-up/in that only allows users to sign-in. Pre-registration hook to safeguard against people bypassing the UX.

Managing email templates in FusionAuth

We are integrating FusionAuth into our user account / profile system for 3 SaaS apps. We'll have about 5 roles established and the onboarding process for each such user is different.
A new user signup could be brand new, could be existing but for a new role, or could be reactivation of an account. So roughly speaking we might need to establish 3 x 5 x 2 (new and returning user) emails for account verification and then the same number of welcome emails. Each email will have specific instructional text, email subject, and links.
The ability to duplicate email templates in the FusionAuth UI would be useful but clearly this isn't a complete solution. If I create multiple tenants to support our development, testing and production releases - it would really be great to be able to maintain a master list of versioned templates and to link any one of those email template versions to any tenant and app.
If you are familiar with SendGrid - the versioned templates there are pretty nice, as is the conditional logic that can be used in the templates to reduce the total number of documents that must be maintained.
For my sanity and for the maintenance burden associated with these emails, I'd like to use only FusionAuth or only SendGrid for these account maintenance emails. Since SendGrid is the more robust email solution it might be the better choice.
What can be accomplished with FusionAuth's User Actions? Can all FusionAuth email templates be disabled from the FusionAuth UI and API?
Adding a user from our UI will require creating (or returning) the FusionAuth user, setting the FusionAuth App registration, setting the role, then triggering the necessary email.
It could be really cool if all that can be configured as a multistep User Action that creates / updates and configures the user and then triggers the SendGrid template email.
The versioning and duplicate options for email templates are great ideas. FusionAuth does not currently support email template versioning or copy / duplicate in the UI. Can you open these as feature requests in GitHub? https://github.com/FusionAuth/fusionauth-issues/issues
We do support conditional logic within the template. There is a brief tutorial in the FusionAuth docs. https://fusionauth.io/docs/v1/tech/email-templates/email-templates
To build conditional logic you can use essentially anything that FreeMarker supports. https://freemarker.apache.org/
For example
[#if user.data.favoriteColor == "blue"]
Hi ${user.firstName}, I see you like the color blue.
[#else]
Hi ${user.firstName},
[/#if]
If you have some particular use cases or need some help building the logic in your template feel free to ask for help in the FusionAuth Slack channel or ask here.
That said - SendGrid is in the email game, they will likely have some powerful features not available in FusionAuth. If you require many power user features, I wouldn't try to dissuade you from using SendGrid. But do open feature requests so we can make our email templates as useful as possible.
What can be accomplished with FusionAuth's User Actions?
User actions are sort of free form events that will be sent using our Webhook configuration. They can only be taken on a user that already exists in FusionAuth, so it may not be the right fit for your use case. In addition to User Actions, you can enable events such as user.create, etc - so you can respond to these types of events in FusionAuth if that is helpful.
Can all FusionAuth email templates be disabled from the FusionAuth UI and API?
Not sure what you mean - you can disable the SMTP email configuration which implicitly disables all use of email. This can be done via the System Configuration API. https://fusionauth.io/docs/v1/tech/apis/system#update-the-system-configuration See systemConfiguration.emailConfiguration.enabled. FusionAuth is an API first, so everything you can do in the API you can do through an API.
It could be really cool if all that can be configured as a multistep User Action that creates / updates and configures the user and then triggers the SendGrid template email.
User Actions will not help with this use case. However, you may be able to accomplish this in fewer API calls. If you know the user does not yet exist, you can use the Combo API (Create User + Registration) to create and register the user in one step. https://fusionauth.io/docs/v1/tech/apis/registrations#create-a-user-and-registration-combined
If you omit the roles from this request, the user will be assigned any default roles configured on the application.
If you enable Registration Verification, this will send the user an email of your choosing. This is primarily intended to verify the user intended to register for the application.
The custom workflow idea is a good one however, feel free to open an issue on GitHub. I would envision it as a work flow builder for an application.
Example:
On user registration:
1. Assign role(s): [x] user
                   [ ] manager
                   [ ] admin
2. Send email: [select box for email template]

Allow EPiServer user to change or reset password

We have a lot of external users to one of our site. They register themselves, and we store the external users with the SQLMembership provider. Internal users (admins) are handled using WindowsMembership.
A standard part of having an account is to be able to reset or change one's own password. Is there a standard EPiServer way of allowing that? I have not found any so far, but it seems strange that every developer should implement that on their own...
Both out of the box-solutions and third party modules are welcome, as well as home grown solutions.
There is a drop down at the top right of the editor navigation showing the current logged in username, in that, click "My Settings"
The direct url would be %pathtoepiserver%/CMS/edit/mysettings.aspx
e.g
/episerver/CMS/edit/mysettings.aspx
EDIT:
Just realised you said external users, not CMS editors. There's no built in way with EPiServer, but the logins use ASP.Net membership system, which has its own controls and templates for common membership functions.
This article might be of assistance:
http://www.asp.net/web-forms/tutorials/security/admin/recovering-and-changing-passwords-cs

How to write an app to alter Windows 8 login options?

I'm looking to write an app that disallows some of the password login options (picture pw or pin) at certain moments - for myself and security reasons.
Any ideas how one would go about finding the APIs to use that can be run when the computer is locked and disallow a specific login option ?
I checked all classes under Windows.Security.Authentication, Windows.System.UserProfile, and Windows.System.Profile, but didn't see anything to toggle those login options. There are methods to set the bg pic under Windows.System.UserProfile.LockScreen, but that isn't what I'm looking for - just the ability to toggle the picture pw and pin options.
If you want to alter the login process I believe you have to implement your own custom credential provider. There is a sample in the Windows SDK on how to do this.
You can find more info on MSDN.