Open zuohuadong opened 1 year ago
Do Machine-to-Machine apps solve your issue? Or you want to programmatically fetch tokens that represents a user?
Do Machine-to-Machine apps solve your issue? Or you want to programmatically fetch tokens that represents a user?
No, because you can't get the username and password, and you can't customize the login to get the token
need:
@wangsijie @simeng-li can you guys validate the request? thanks
@gao-sun It is not a fully public API that can be tokenized or restricted by source IP. It can even be left to the developers themselves.
@zuohuadong do you mind providing some more details of your use case? As for a general to C application, an automatic sign-in flow without establishing a client session is prohibited.
What kind of program do you have? Is it for internal development use only or for public usage?
Anyone who holds a valid username credential can get authorized on behave of that user?
@simeng-li wechat miniprogram and nodejs client.
Public use.
Essentially similar to jwt
So you would like to host a custom miniapp provided sigh-in form, simply call Logto to auth APIs through your miniapp
@simeng-li If I could provide an API, I would be able to customize the provider
To add to this discussion, it would be valuable for me to be able to authenticate users via API by passing their username + password to get a JWT back.
For example, I would do this using a custom UI inside of a Unity3D application where I would not load a webview due to the overhead of embedding chromium or similar inside of the application.
@Dav-id I believe this is a meaningful scenario. I will post updates here, so stay tuned.
It is also valuable for E2E testing.
To add to this discussion, it would be valuable for me to be able to authenticate users via API by passing their username + password to get a JWT back.
For example, I would do this using a custom UI inside of a Unity3D application where I would not load a webview due to the overhead of embedding chromium or similar inside of the application.
That should be like in keycloak for direct access flow (authorisation flow with no redirect), right? https://devcodef1.com/news/1091935/oauth2-0-flow-with-keycloak
I wonder what changed in the database when I sign up the first time l open logto:3002 in my browser, because I want implement the sign-up action just by manipulating the database and use the token acquired from database to use api to interact with logto.
@JackyTYang To interact with Logto management API, a machine-to-machine application is recommended. Would it be helpful if Logto has a feature to auto generate first machine to machine application after seeding?
Sure, that would be very helpful. We’d appreciate it if you add that feature.
We have this feature on our roadmap but haven't locked in a specific timeline for its release. If it's something you're eager to see soon, we encourage contributions and would be thrilled to review a pull request from you.
Hello, we have the same need here. We have a specific situation where we'd like to implement code-based login to obtain access to JWT. Similar to what can be done with Keycloak or Google Firebase. This feature would be greatly appreciated.
Hey guys, we are revisiting this feature, and will post updates here.
Thanks for revisiting, +1 here for this feature
I have same issue, would love to have this feature.
We are refactoring the sign in experience APIs
Any progress? Do you have a plan to release it at a certain time? I really need this feature.@wangsijie
Any progress? Do you have a plan to release it at a certain time? I really need this feature.@wangsijie
I think they're working on it. Not sure when it will be released. See roadmap here.
The "Experience API" is currently in testing phase. It's expected to be ready for deployment soon. @simeng-li is leading this project. Please note that the new API still requires redirection and cookies to function properly.
The "Experience API" is currently in testing phase. It's expected to be ready for deployment soon. @simeng-li is leading this project. Please note that the new API still requires redirection and cookies to function properly.
So, can I use it in the native app? Redirection may not be useful in native apps.
So, can I use it in the native app? Redirection may not be useful in native apps.
Cookies are required, you can implement it by in-app browser.
@wangsijie What if I don’t want to use a browser and want to implement the UI interface myself in the native app?
Then you can maintain the cookies by yourself, save "set-cookies" header and set it to headers of each request.
What problem did you meet?
I have a program that wants to do automatic login without going through a login page, but there is no API to provide this.
It does not implement auth 2.0 and does not provide UI .
Describe what you'd like Logto to have
I can add users through it, but I can't sign in with a user.
I want to be able to enable user login and registration through an API, regardless of the frontend.
We can not support specific applications and instead offer a universal solution.