Vaadin Client should automatically show a login form when access token is missing

[vlukashov]

When using the Vaadin Services JS client, I want it to automatically prompt for username and password if the user is not logged in and tries to make a call to the Vaadin Services backend, so that the default configuration of a Vaadin Serivces project automatically allows users to login without me writing any special code for that.

DoD:

• Vaadin Client has a default login form UI (possibly, using vaadin-login if it is a free component)
• the default login form UI is used if no custom credentials provider is defined
• the default login form is implemented using the custom credentials provider API

The common DoD applies.

[tmattsso]

I don't think any developer would want this as the default behaviour. Most apps have their own custom login screen, with custom logic for when login happens. How would this even work? a popup with a login form? a force redirect to login, destroying form data?

Please reconsider this feature. Personally, I think you should go with a callback route and let the dev control when and how the user inputs their credentials.

[manolo]

Good point. Yes callback is being implemented in https://github.com/vaadin/vaadin-connect/issues/55, does it covers the customisation you meant?

[tmattsso]

That ticket seems to cover the full case; my recommendation would be to drop this one.

[Legioth]

The idea here is that there should be a simple built-in login form that is used by default so that you can get started with the actual application logic immediately. It's then a separate issue that it should also be possible to define your own UI for logging in instead of using the default.

[tmattsso]

what about a compromise, using a generated login form? the user would see where that file comes from, and may choose to either keep it as is during development or to brand it immediately. or to move the logic to wherever they want.

[Legioth]

Might make sense, even though it assumes projects are always created based on a starter that explicitly includes a login form.

The question then would only be what should happen if it's missing.

[vlukashov]

Proposal: if no login form is configured, the default would be to throw with a message like:

https://vaad.in/errors/con-1234: please provide credentials in order to access secured methods with Vaadin Connect (tried to call HelloService.hello())

That requires keeping a page with error descriptions somewhere on vaadin.com/docs and maintaining a list of short links on vaad.in