
Implement login #50

Open
evert opened this issue Dec 12, 2024 · 0 comments

Comments


evert commented Dec 12, 2024

The team has generously decided to use a12n-server for auth.

This server primarily uses OAuth2 APIs where relevant, with a little bit of OpenID connect and custom APIs for every feature. The biggest gap in this server is documentation, so anything that's confusing ping me and I will write docs.

For login, you have a few different paths, and decisions have to be made:

  1. You can use the authorization_flow OAuth2 flow. This is the easiest, because you can use off-the-shelf libraries that do this, but the drawback is that the user redirects to the server and then redirects back. You don't have that much control over the user experience.
    1a. We can make a change in a12n-server that lets you set custom CSS so you can skin it.
    1b. We could also work a bit on this redirect flow and have it appear in a <dialog> without redirecting.
    If 1a or 1b are interesting, I can help write tickets with technical specs for the work required.
  2. You can use the 'password' flow. This flow is also standard but only supports a username and password. You fully control the experience as it's a server-to-server API. It is deprecated in OAuth 2.1 and precludes the use of 2-factor auth.
  3. Use the authorization_challenge flow, which is not yet a standard, but I've implemented big parts of this. This flow is specific for 'trusted first parties', which you are. You fully control the user experience, users don't leave the domain, and it supports 2-factor auth (right now only TOTP works in a12n-server with this flow). It's new territory but I like it. Technically the hardest because it needs to support multiple UI steps and needs a session, but I found it fun and interesting to implement.

I recommend login is implemented before registration. Registration can (for the moment) be done in the a12n-server UI.

Let me know if you want to chat through this and which path sounds the most interesting. Depending on the answer, I will write down more about the actual implementation.
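To make option 1 concrete, here is an added example (not a12n-server's code and not part of this issue) of the client side of the authorization-code redirect flow, with PKCE (RFC 7636) and a state check so the callback can only complete the session that started it. The endpoint paths (/authorize, /token), client id and redirect URI are assumptions for illustration.

```python
# Client side of an OAuth2 authorization-code login with PKCE and state.
# Endpoint paths, client id and redirect URI below are assumed values.
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_SERVER = "https://auth.example.test"           # assumed a12n-server base URL
CLIENT_ID = "my-app"                                # assumed client id
REDIRECT_URI = "https://app.example.test/callback"  # assumed callback


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def code_challenge(verifier: str) -> str:
    """S256 challenge: BASE64URL(SHA256(ASCII(verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def start_login() -> tuple[str, dict]:
    """Build the /authorize redirect URL plus the values to keep server-side."""
    verifier = b64url(secrets.token_bytes(32))  # 43-char high-entropy verifier
    state = secrets.token_urlsafe(16)           # binds the callback to this session
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": state,
        "code_challenge": code_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return f"{AUTH_SERVER}/authorize?{urlencode(params)}", {"state": state, "verifier": verifier}


def handle_callback(callback_url: str, session: dict) -> dict:
    """Validate the redirect back and build the form body to POST to /token."""
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != session["state"]:
        raise ValueError("state mismatch: callback does not belong to this session")
    if "code" not in query:
        raise ValueError(f"authorization failed: {query.get('error', ['unknown'])[0]}")
    return {
        "grant_type": "authorization_code",
        "code": query["code"][0],
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": session["verifier"],  # proves the same client started the flow
    }
```

The returned body is what the app POSTs to the token endpoint; the server recomputes the S256 challenge from code_verifier, so an intercepted code alone cannot be redeemed.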
