Views
PlusAuth lets you customize every view served by it. Go to Dashboard > Customization > Views.
PlusAuth lets you customize every view served by it. Go to Dashboard > Customization > Views.
There is no limitation in views, you can write any HTML/CSS/JS as long as you make the required requests to PlusAuth. You can have a look to Web API for the corresponding requests to each page.
View Context Parameters
For your business requirements you will need to access to some parameters in views such as authorization parameters, client details, connection name, some view related settings etc. PlusAuth provides a context object for such purposes.
You can access to context object from your views by calling PlusAuth
global object or more specifically window.PlusAuth
.
Here is an example context object:
{
"client": {
"applicationType": "web",
"clientName": "My Client Name",
"logoUri": "https://mycdn.example/logo.png",
"social": [
{
"name": "github",
"provider": "github",
"branding": {
"logo_url": "data:image/svg+xml;base64,...",
"display_name": "GitHub",
"show_in_login": true
}
},
{
"name": "google",
"provider": "google",
"branding": {}
}
]
},
"connection": {
"name": "plusauth",
"type": "plusauth"
},
"details": {},
"params": {
"audience": "uri:my-resource",
"client_id": "<<CLIENT_ID>>",
"nonce": "<<SOME_RANDOM_VALUE>>",
"redirect_uri": "https://myapplication.example/callback",
"response_mode": "fragment",
"response_type": "code",
"scope": "openid profile email scope1 scope2",
"state": "<<SOME_RANDOM_VALUE>>"
},
"prompt": {
"name": "login"
},
"settings": {
"auto_sign_in": true,
"forgot_password_enabled": true,
"password_policy": {
"max": 64,
"min": 4
},
"register_enabled": true,
"tenant_login_url": "https://myapplication.example/start-login",
"welcome_emails_enabled": false
}
}
Hooks
There will be times you want to modify some flows or you want to apply some logic for some actions. PlusAuth provides hooks for you to be able to modify the flow and use your own logic.
Account Blocking Policy
It is a common thing to block users when a number of failed login attempts are made. This behaviour will also help to secure your users from slow brute-force attacks.