From 69fd0b42fad8ecd129d065c9b1ed7255dd8224cf Mon Sep 17 00:00:00 2001 From: peintnermax Date: Fri, 13 Sep 2024 14:06:00 +0200 Subject: [PATCH] exception --- apps/login/readme.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/apps/login/readme.md b/apps/login/readme.md index fe10c5e8cea..9edef9383ee 100644 --- a/apps/login/readme.md +++ b/apps/login/readme.md @@ -61,7 +61,7 @@ If `loginSettings(org?).allowRegister` is `true`, if will also show a link to ju After a loginname is entered, a `listUsers` request is made using the loginName query to identify already registered users. If only one user is found, we query `listAuthenticationMethodTypes` to identify future steps. -If no authentication methods are found, we render an error stating: _User has no available authentication methods._ +If no authentication methods are found, we render an error stating: _User has no available authentication methods._ (exception see below.) Now if only one method is found, we continue with the corresponding step (/password, /passkey/login). If multiple methods are set, we prefer passkeys over any other method, so we redirect to /passkey, second option is IDP, and third is password. If password is the next step, we check `loginSettings.passkeysType` for PasskeysType.ALLOWED, and prompt the user to setup passkeys afterwards. @@ -70,6 +70,8 @@ If no user is found, we check whether registering is allowed using `loginSetting If `loginSettings?.allowUsernamePassword` is not allowed we continue to check for available IDPs. If a single IDP is available, we directly redirect the user to signup. If no single IDP is set, we check for `loginSettings.allowUsernamePassword` and redirect the user to /register page. -If no previous condition is met, we check whether `loginSettings?.ignoreUnknownUsernames` is `false` and in such case, we return a user not found error. If not, we redirect to the /password page, regardless (to not leak information about a registered user). +If no previous condition is met we throw an error stating the user was not found. + +If the outcome after this order produces a no authentication methods found, or user not found, we check whether `loginSettings?.ignoreUnknownUsernames` is set to `true` as in this case we redirect to the /password page regardless (to not leak information about a registered user). > NOTE: We ignore `loginSettings.allowExternalIdp` as the information whether IDPs are available comes as response from `getActiveIdentityProviders(org?)`