Findings while testing new login
I have added the new login to my test application and went through different flows. Here are some findings:
Bugs:
- [x] I have configured password and passwordless for my user. When I quit the passwordless login, press "use password instead", and enter the password, nothing happens afterwards
- [x] If I do not send a prompt, wouldn't it make sense to show the select account?
To implement:
- [x] Back buttons are missing. Example: there is no back button from the password login method
- [x] Register Button missing when enabled in policy
- [x] Password reset link
IDPs:
- [ ] Auto linking does not work
- [ ] When user already exists, ugly error message is shown, linking not possible
> If I do not send a prompt, wouldn't it make sense to show the select account?

After talking with @livio-a we decided that a direct login reflects the current behaviour of the login and makes most sense to reduce customer interactions.
For completeness: The current behavior would automatically prompt the user for an account selection as soon as multiple sessions exist and only reuse the existing as long as there's only a single session, not explicitly terminated. Both options require the client to send additional parameters in one or the other case:
- `prompt=select_account` to let the user choose on the new option
- `login_hint` / `id_token_hint` to preselect the user session in the current login