We have been testing Criipto for auth and it works. But there are a few kinks that makes this non-deal.
First, we get this email confirmation page
Vipps does email confirmation on their side. Is there an option to trust the provider? Feels a bit over the top.
And if it cannot be skipped. Is there a way to style this page? Maybe I’m missing something but couldn’t find the docs for it.
Second, it redirects to root
It redirects to root after confirming email. Can I override this somehow. I want the user to land at a specific app not to root.
A workaround for this is to use a reverse-proxy, or a redirect, and handle things accordingly. But I really don’t want to do that if I can avoid it.
Anyone knows how to fix these issues?
Hi!
The reason for this confirmation is security. Currently, adding “Custom Auth Provider” in Appfarm Create allows you to select Google, Auth0, Azure AD and “Custom”. For the three first, we know that these are trusted and that the email address has beeen verified. For “Custom”, the developer could theoretically just set up a server and pretend to be authenticating the user. And, if we trust the “Custom” provider by default, that could let in unverified email addresses into Appfarm client and Appfarm create (a security group with access to Appfarm Create could be given to the unverified user).
However, it makes sense that Criipto and Vipps are trusted. So, I’ve registered a challenge on a more dynamic list of trusted providers.
But for now, you will need to confirm your email address upon first login using Criipto or Vipps directly. Auth0 would not. That screen is to tightly connected to the (important) login flow so the configurability will be very limited, but I agree that at least logo and color should be configurable.
4 Likes
