TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-12-11 21:52:32 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f07a64f4e52c4e9299332f8603bc49897215cc88
zitadel/apps/login/readme.md

76 lines
3.2 KiB
Markdown
Raw Normal View History

initial setup, ztdl-login, core
2023-04-03 13:39:51 +02:00
# ZITADEL Login UI
chore: move app code into src dir
2024-05-13 16:17:12 -04:00
This is going to be our next UI for the hosted login. It's based on Next.js 13 and its introduced `app/` directory.
mermaid flow diagram
2024-09-12 16:08:58 +02:00
## Flow Diagram
```mermaid
flowchart TD
A[Start] --> register
A[Start] --> accounts
A[Start] --> loginname
A[Start] --> register
flowchart
2024-09-12 16:21:41 +02:00
A[Start] -- signInWithIDP --> idp
mermaid flow diagram
2024-09-12 16:08:58 +02:00
idp --> idp-success
idp --> idp-failure
flowchart
2024-09-12 16:21:41 +02:00
idp-success --> B[signedin]
mermaid flow diagram
2024-09-12 16:08:58 +02:00
idp-failure --> loginname
loginname --> password
loginname -- hasPasskey --> passkey
loginname -- allowRegister --> register
passkey-add --passwordAllowed --> password
passkey -- hasPassword --> password
passkey --> B[signedin]
password -- hasMFA --> mfa
password -- allowPasskeys --> passkey-add
mfa --> otp
otp --> B[signedin]
mfa--> u2f
u2f -->B[signedin]
register --> passkey-add
register --> password-set
password-set --> B[signedin]
passkey-add --> B[signedin]
password --> B[signedin]
password-- forceMFA -->mfaset
mfaset --> u2fset
mfaset --> otpset
u2fset --> B[signedin]
otpset --> B[signedin]
accounts--> loginname
password -- not verified yet -->verify
register-- withpassword -->verify
passkey-- notVerified --> verify
verify --> B[signedin]
```
loginname to ignore usernames, description
2024-09-13 14:01:03 +02:00
### /loginname
This page shows a loginname field and Identity Providers to login or register.
If `loginSettings(org?).allowRegister` is `true`, if will also show a link to jump to /register
- `getLoginSettings(org?)`
- `getLegalAndSupportSettings(org?)`
- `getIdentityProviders(org?)`
- `getBrandingSettings(org?)`
- `getActiveIdentityProviders(org?)`
- `startIdentityProviderFlow`
- `listUsers(org?)`
- `listAuthenticationMethodTypes`
After a loginname is entered, a `listUsers` request is made using the loginName query to identify already registered users.
If only one user is found, we query `listAuthenticationMethodTypes` to identify future steps.
If no authentication methods are found, we render an error stating: _User has no available authentication methods._
Now if only one method is found, we continue with the corresponding step (/password, /passkey/login).
If multiple methods are set, we prefer passkeys over any other method, so we redirect to /passkey, second option is IDP, and third is password.
If password is the next step, we check `loginSettings.passkeysType` for PasskeysType.ALLOWED, and prompt the user to setup passkeys afterwards.
If no user is found, we check whether registering is allowed using `loginSettings.allowRegister`.
If `loginSettings?.allowUsernamePassword` is not allowed we continue to check for available IDPs. If a single IDP is available, we directly redirect the user to signup.
If no single IDP is set, we check for `loginSettings.allowUsernamePassword` and redirect the user to /register page.
If no previous condition is met, we check whether `loginSettings?.ignoreUnknownUsernames` is `false` and in such case, we return a user not found error. If not, we redirect to the /password page, regardless (to not leak information about a registered user).
> NOTE: We ignore `loginSettings.allowExternalIdp` as the information whether IDPs are available comes as response from `getActiveIdentityProviders(org?)`
Reference in New Issue Copy Permalink