logto-io / logto

🧑‍🚀 The better identity infrastructure for developers and the open-source alternative to Auth0.
https://logto.io
Mozilla Public License 2.0
8.73k stars 438 forks

feature request: API-based custom sign-up and sign-in. #3787

Open zuohuadong opened 1 year ago

zuohuadong commented 1 year ago

What problem did you meet?

I have a program that wants to do automatic login without going through a login page, but there is no API to provide this.

It does not implement auth 2.0 and does not provide UI.

Describe what you'd like Logto to have

image

I can add users through it, but I can't sign in with a user.

I want to be able to enable user login and registration through an API, regardless of the frontend.

We can not support specific applications and instead offer a universal solution.

gao-sun commented 1 year ago

Do Machine-to-Machine apps solve your issue? Or do you want to programmatically fetch tokens that represent a user?

zuohuadong commented 1 year ago

> Do Machine-to-Machine apps solve your issue? Or do you want to programmatically fetch tokens that represent a user?

No, because you can't get the username and password, and you can't customize the login to get the token

need:

https://next-auth.js.org/getting-started/rest-api

gao-sun commented 1 year ago

@wangsijie @simeng-li can you guys validate the request? thanks

zuohuadong commented 1 year ago

@gao-sun It is not a fully public API that can be tokenized or restricted by source IP. It can even be left to the developers themselves.

simeng-li commented 1 year ago

@zuohuadong do you mind providing some more details of your use case? As for a general to-C application, an automatic sign-in flow without establishing a client session is prohibited.
What kind of program do you have? Is it for internal development use only or for public usage? Anyone who holds a valid username credential can get authorized on behalf of that user?

zuohuadong commented 1 year ago

@simeng-li wechat miniprogram and nodejs client.

Public use.

Essentially similar to jwt

simeng-li commented 1 year ago

So you would like to host a custom miniapp provided sign-in form, simply call Logto to auth APIs through your miniapp

zuohuadong commented 1 year ago

@simeng-li If I could provide an API, I would be able to customize the provider

Dav-id commented 1 year ago

To add to this discussion, it would be valuable for me to be able to authenticate users via API by passing their username + password to get a JWT back.

For example, I would do this using a custom UI inside of a Unity3D application where I would not load a webview due to the overhead of embedding chromium or similar inside of the application.

wangsijie commented 1 year ago

@Dav-id I believe this is a meaningful scenario. I will post updates here, so stay tuned.

sskyy commented 11 months ago

It is also valuable for E2E testing.

MyWay commented 9 months ago

> To add to this discussion, it would be valuable for me to be able to authenticate users via API by passing their username + password to get a JWT back.
>
> For example, I would do this using a custom UI inside of a Unity3D application where I would not load a webview due to the overhead of embedding chromium or similar inside of the application.

That should be like in keycloak for direct access flow (authorisation flow with no redirect), right? https://devcodef1.com/news/1091935/oauth2-0-flow-with-keycloak

JackyTYang commented 7 months ago

image

I wonder what changed in the database when I sign up the first time I open logto:3002 in my browser, because I want to implement the sign-up action just by manipulating the database and use the token acquired from the database to use the API to interact with Logto.

wangsijie commented 7 months ago

@JackyTYang To interact with the Logto management API, a machine-to-machine application is recommended. Would it be helpful if Logto had a feature to auto-generate the first machine-to-machine application after seeding?

JackyTYang commented 7 months ago

Sure, that would be very helpful. We’d appreciate it if you add that feature.

wangsijie commented 7 months ago

We have this feature on our roadmap but haven't locked in a specific timeline for its release. If it's something you're eager to see soon, we encourage contributions and would be thrilled to review a pull request from you.

udleinati commented 5 months ago

Hello, we have the same need here. We have a specific situation where we'd like to implement code-based login to obtain access to JWT. Similar to what can be done with Keycloak or Google Firebase. This feature would be greatly appreciated.

wangsijie commented 5 months ago

Hey guys, we are revisiting this feature, and will post updates here.

johngrimsey commented 5 months ago

Thanks for revisiting, +1 here for this feature

systemis commented 4 months ago

I have same issue, would love to have this feature.

wangsijie commented 4 months ago

We are refactoring the sign in experience APIs

phpmaple commented 2 months ago

Any progress? Do you have a plan to release it at a certain time? I really need this feature. @wangsijie

Loongphy commented 2 months ago

> Any progress? Do you have a plan to release it at a certain time? I really need this feature. @wangsijie

I think they're working on it. Not sure when it will be released. See roadmap here.

wangsijie commented 2 months ago

The "Experience API" is currently in testing phase. It's expected to be ready for deployment soon. @simeng-li is leading this project. Please note that the new API still requires redirection and cookies to function properly.

phpmaple commented 2 months ago

> The "Experience API" is currently in testing phase. It's expected to be ready for deployment soon. @simeng-li is leading this project. Please note that the new API still requires redirection and cookies to function properly.

So, can I use it in the native app? Redirection may not be useful in native apps.

wangsijie commented 2 months ago

> So, can I use it in the native app? Redirection may not be useful in native apps.

Cookies are required; you can implement it with an in-app browser.

phpmaple commented 2 weeks ago

@wangsijie What if I don’t want to use a browser and want to implement the UI interface myself in the native app?

wangsijie commented 2 weeks ago

Then you can maintain the cookies yourself: save the "set-cookies" header and set it in the headers of each request.
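
The cookie handling described in the last reply, as an added example that is not part of the original thread and is not Logto's code: a single-origin cookie jar for a client with no browser. It treats every cookie as host-only (the Path and Domain attributes are ignored); the class name, host and cookie names are assumptions made up for illustration.

```javascript
// Added example: single-origin cookie jar for a client without a browser.
class OriginCookieJar {
  constructor(origin) {
    this.origin = new URL(origin); // cookies are only ever replayed to this host
    this.cookies = new Map();      // name -> { value, expires, secure }
  }
  // `lines`: one string per Set-Cookie header. Do not split a joined header on
  // commas (Expires dates contain them); Node 20's fetch exposes the list as
  // response.headers.getSetCookie().
  store(lines, now = Date.now()) {
    for (const line of lines) {
      const [pair, ...attrs] = line.split(';').map((s) => s.trim());
      const eq = pair.indexOf('=');
      if (eq < 1) continue; // malformed: no cookie name
      const c = { value: pair.slice(eq + 1), expires: Infinity, secure: false };
      let maxAgeSeen = false;
      for (const attr of attrs) {
        const [k, v = ''] = attr.split(/=(.*)/s);
        const key = k.toLowerCase();
        if (key === 'secure') c.secure = true;
        if (key === 'max-age' && /^-?\d+$/.test(v)) {
          c.expires = now + Number(v) * 1000; // Max-Age wins over Expires
          maxAgeSeen = true;
        } else if (key === 'expires' && !maxAgeSeen && !Number.isNaN(Date.parse(v))) {
          c.expires = Date.parse(v);
        }
      }
      const name = pair.slice(0, eq);
      if (c.expires <= now) this.cookies.delete(name); // server cleared the cookie
      else this.cookies.set(name, c);
    }
  }
  // Value for the Cookie request header, or '' when nothing may be sent.
  headerFor(url, now = Date.now()) {
    const target = new URL(url);
    if (target.host !== this.origin.host) return ''; // never leak to other hosts
    const out = [];
    for (const [name, c] of this.cookies) {
      if (c.expires <= now) continue;                         // expired
      if (c.secure && target.protocol !== 'https:') continue; // Secure: TLS only
      out.push(`${name}=${c.value}`);
    }
    return out.join('; ');
  }
}
// Constructed sample headers; the host and cookie names are placeholders.
function demo(t0 = Date.parse('2024-01-01T00:00:00Z')) {
  const jar = new OriginCookieJar('https://auth.example.test');
  jar.store(['_session=abc123; Path=/; HttpOnly; Secure; Max-Age=3600',
    'theme=dark; Expires=Tue, 02 Jan 2024 00:00:00 GMT'], t0);
  return jar.headerFor('https://auth.example.test/api', t0 + 1000);
}
```

Keeping the jar in memory and scoped to one host means a session cookie is never attached to a request for a different host or sent over plain HTTP when it was marked Secure.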