...
As mentioned above, such changes alter the system's behavior on both the front-end and the back-end.

Changes on front-end | Changes on back-end |
---|---|
If a login option (Facebook, Google, etc.) is disabled, the corresponding button disappears from the login page | If a login option (Facebook, Google, etc.) is disabled, the endpoint for that option (e.g. /api/v1/login/facebook) is not registered or exposed, so an attempt to reach it results in an error with the message "No handler." |

The listed login options can be enabled or disabled in any combination.
If you want to add another third party to the login flow, please refer to the article sign in/up with social networks.
...
Because access and refresh tokens are handled by the front-end, the user is redirected to the main page after the last step.
One-step login flow
...
If additional security isn't required, the one-step login flow can be chosen.
To do so, MFA should be disabled for the system. In that case the login flow
changes to one-step login.

NOTE 1: If you want a one-step login flow in the system, MFA has to be
disabled for the whole system, which affects other operations and makes them
less secure, especially the User key (email and phone number) recovery flow.

NOTE 2: Login via third parties is configured separately from MFA, so it can be
performed in both cases.
So application.yaml should be configured as follows:
```yaml
...
systemBehaviorConfigurations:
  multifactorAuthentication:
    multifactorAuthSystemEnabled: false
...
```
If login is performed via email or phone number with this configuration,
only one action is needed to log in.
Path: /api/v1/login
Request body:

```json
{
  "userKey": "email/phone number",
  "password": "user password"
}
```

Response body:

```json
{
  "accessToken": "access token",
  "refreshToken": "refresh token"
}
```
NOTE: As you can see, the endpoint with the same path ("/api/v1/login") returns different responses
depending on the system configuration. This is achieved through the custom logic of the @RegisterEndpointCondition
annotation, which allows different methods to be mapped to the same path depending on the configuration.
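
A minimal sketch of configuration-conditional endpoint registration, added here as an illustration and not the project's own code: `@RegisterWhen`, the `facebookLoginEnabled` flag name and the handler return strings are hypothetical stand-ins, because the real attributes of @RegisterEndpointCondition are not shown on this page. It treats a missing flag as a startup error, so an absent MFA setting cannot silently select the one-step handler.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class ConditionalEndpointDemo {
    // Hypothetical stand-in for the project's annotation; its real attributes are not on this page.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface RegisterWhen { String path(); String flag(); boolean expected(); }

    static class LoginController {
        @RegisterWhen(path = "/api/v1/login", flag = "multifactorAuthSystemEnabled", expected = false)
        public String oneStepLogin() { return "one-step: accessToken + refreshToken"; }
        @RegisterWhen(path = "/api/v1/login", flag = "multifactorAuthSystemEnabled", expected = true)
        public String firstStepLogin() { return "first step of the MFA flow"; }
        // "facebookLoginEnabled" is a constructed flag name, not a key taken from the page.
        @RegisterWhen(path = "/api/v1/login/facebook", flag = "facebookLoginEnabled", expected = true)
        public String facebookLogin() { return "facebook login"; }
    }

    // Builds the routing table once at startup; a method is mapped only if its flag matches.
    static Map<String, Method> register(Class<?> controller, Map<String, Boolean> config) {
        Map<String, Method> routes = new HashMap<>();
        for (Method m : controller.getDeclaredMethods()) {
            RegisterWhen cond = m.getAnnotation(RegisterWhen.class);
            if (cond == null) continue;
            Boolean actual = config.get(cond.flag());
            if (actual == null)  // fail closed: never guess a security-relevant default
                throw new IllegalStateException("Missing flag: " + cond.flag());
            if (actual != cond.expected()) continue;  // disabled: endpoint is never exposed
            if (routes.putIfAbsent(cond.path(), m) != null)
                throw new IllegalStateException("Two handlers enabled for " + cond.path());
        }
        return routes;
    }

    static String dispatch(Map<String, Method> routes, Object controller, String path) throws Exception {
        Method m = routes.get(path);
        return m == null ? "No handler." : (String) m.invoke(controller);
    }

    public static void main(String[] args) throws Exception {
        // Constructed configuration: MFA off, Facebook login off.
        Map<String, Boolean> config = Map.of("multifactorAuthSystemEnabled", false, "facebookLoginEnabled", false);
        Map<String, Method> routes = register(LoginController.class, config);
        LoginController controller = new LoginController();
        System.out.println(dispatch(routes, controller, "/api/v1/login"));
        System.out.println(dispatch(routes, controller, "/api/v1/login/facebook"));
    }
}
```
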
If you have any questions regarding login flow or any other questions, feel free to contact Diakonov Serhii (s.dyakonov@knubisoft.com) or Kostenko Vadym (v.kostenko@knubisoft.com)
...