This summary walks through the screens and code paths for the entry point authentication flow.
As well as managing signing in, this also links to signup and account recovery operations.
The entry point to the authentication flow is shown below, when an application triggers an OpenID Connect redirect.
The page is invoked via a GET request to a URL with this format: /authn/authentication/usernamepassword:
The behavior of the Username Password Authenticator is influenced by Account Manager settings:
| Setting | Behavior |
|---|---|
| Username is email | When configured, the user must enter their email address when signing in. This makes the value easy for users to remember, but this may not be supported for some data sources. |
| Enable Registration | This enables new users to sign themselves up, or can be deselected when this should not be allowed. In the latter case the Create Account link will not be shown. |
In some cases the user may need to perform another action before they are able to authenticate.
The authentication page therefore provides links to these flows, though Create Account may be hidden:
If the username is found in the username server-side cookie, it will be restored, otherwise it will be blank.
If the password has been previously saved by the user, the browser will autofill it, otherwise it will be blank.
If invalid credentials are entered, the screen is not submitted and the user must correct their input.
If a credential policy is configured the error presented to users includes policy details:
After authentication, a username cookie is written by the user preferences manager.
The browser may also prompt the user to save their password.
If accepted, then password autofill will work on subsequent logins.
The RequestHandler provides the plugin logic for this flow.
This class is injected with the following SDK objects, which implement its main behavior:
| SDK Object | Usage |
|---|---|
| AccountManager | Used to determine whether to display a Create Account link |
| UserCredentialManager | Used to validate the username and password entered |
| UserPreferenceManager | Used to load the username before authentication, and save it afterwards |
The following resources can be customized as required: