Selector
Customisable authentication menu
3.1.0 - Access
Customisable authentication menu
Introduction
The Selector authenticator is responsible for presenting a list of authentication options for the user to select from (a "menu").
The selector completes when the user selected authentication option (single authenticator or chain) completes.
Selectors can be nested with other selectors and s.
Common Authenticator configuration can be found .
base_path
options
[]
auto_select
Turns off automatic selection if only one option is available.
true
auto_complete
Turns on automatic authentication completion (flow continues) if no options is available (selector is not displayed).
false
lazy_expiry
Turns on automatic re-selection of previously selected option when authenticator has expired (selector is not displayed).
false
verbose
Turns on extended trace logging. Use for troubleshooting only.
false
webroot_dir
See common authenticator documentation
web/authenticator/selector
An option represents a user selectable option in the view.
id
Configuration unique identifier for option.
target
Id of authenticator implementing the option.
label
Option label. Text or translation key.
logo
Logo URL for option. Preferably monochrome svg logo.
include_expr
Predicate expression controlling if option should be included (displayed/selectable) or not.
true
The include predicate is a boolean expression. If the expression is evaluated to true the option is included in the list of available options and displayed to the user.
If filtering results in only one option, automatic selection is performed unless turned off ("auto_select": false). If filtering results in no option an error is displayed unless automatic completion is turned on ("auto_complete": true).
The actual filter is an ECMA-script (JavaScript) that MUST evaluate to true, false or to a boolean function returning true or false.
During expression evaluation data is made available in scopes. A scope is a map (i.e key-values or hash) where values are accessed using a name and plain dot notation.
The following scopes are available:
request
The current authentication request including HTTP headers and params
session
The current session.
state
The current authentication state.
exports
Exported properties.
input
Authenticator input
subject
Current authentication subject (not a scope)
When a user makes a selection, a redirect will occur to the chosen authenticator. The path to the authenticator is constructed by combining base_path with the selected authenticator's ID (specified in target).
Note that base_path is also used to generate the path for the current authenticator. This is intentional, as all authenticators in a flow must share the same path and session (which is managed by the path).
Selector authenticators supports the following messages:
Init message must be sent before/during the view is loading. Response contains the options that should be presented to the user.
Init may be called while authenticator is in progress under the following circumstances:
Callback from selected authenticator
Browser reload (user refreshes page)
Browser back (user cancels selected authenticator and navigates back)
The action message is used for selecting an option. This message is triggered by a user action.
The complete response message is sent when the authentication has completed. If message contains a location property; view must redirect user agent to the supplied location.
There are a number of logos that comes default. All are located in the assets/svg/ folder
bankid.svg
Default translations provided:
The base path for this authenticator and used to construct the path to the selected authenticator. (see )
List of s to be presented to the user. A selector without options will block the authentication and therefor at least one option must be present.
API follows the general conventions of the Fortified .
. f f
For custom logos use and refer to the image location as above
