Hi community,
In order to gain more flexibility on the Login Page UI, I use Custom UI Form instead of Lock.
I want to add a checkbox to let the user being able to choose to active ‘Remember Me’ or not.
What I thought is that, I should be able to get a boolean from the checkbox, which is an additional form field, and pass that boolean to my website through login. And in my website, I probably can get that boolean from user_metadata, and use that boolean to decide to save cookie or not.
In Lock, it supports this kind of service, using additionalSignUpFields
in the options. But, if I choose to use custom form with auth0-sdk, how do I achieve this? Thanks.
There’s two parts to your question that are worth noting; the ability to send additional sign up fields (user_metadata
) when not using Lock and the reason you actually want to send an additional field (remember me).
For the first part you can achieve this either by:
Both allow the inclusion of additional user metadata, but do check the constraints documented at (Authentication API Explorer).
In relation to the actual purpose of this additional data, have in mind that although your application can consider that flag and not persist cookie beyond the current browser session the process of authentication through the universal login will mean that a session will also be established at the Auth0 tenant and that session will not take in consideration that flag.
Hi jmangelo,
Thank you for the reply. However, as I know, sign up is to register a new user. But, it is the login
action that I want to include the metadata.
Is there any official ways that support this when login? Or is there exist something work around?
My bad, I interpreted this wrong, but in that case when you say Lock supports it with additionalSignUpFields
that is also not applicable for the login case as this option is for signup.
If this is an option that you want to control per each login there’s not a good way to do this, because the act of submitting the right credentials will trigger a redirect so you lose control of anything in the UI and before submitting the credentials the user is not yet logged in.
In conclusion, I’m afraid that if you want to capture information on a per login basis then there’s not any good solution that I’m aware and for the remember me case in particular it would likely require some level of built-in support (which is not available at this time) in Auth0 itself as I mentioned earlier even the signup ability to set a flag would just mean that the application could use that flag; the Auth0 session would live independently.
I see, thank you for your answer.
Yeah I also didn’t notice the additionalSignUpFields
is for sign up, sorry about the mislead.
Since the Remember Me is a very common feature in login, I still wanted to see if I can achieve that feature with Universal Login.
What if I use the callback which comes after login? Does tokenCallback that comes along with the
login able to pass the field from login page to my personal website? JSDoc: Global
Or is there exists any methods that can pass the field info from universal login page cross-origin ?
Or do you have any example that people use Auth0 achieve the Remember Me feature? Thanks!
The worst case I can think of is probably implemented by embedded login, not Universal.
Apart from going with embedded login which would allow the application to know the value of any field in the login form, because it’s the actual application that implements the login form, I’m not aware of any approach to capture that information on individual logins performed in the universal login form.
However, even with embedded login you could still have the issue of the an Auth0 service session that would not consider that remember me selection. In conclusion, I believe that without support of the service for remember me functionality any attempt to build it on top of it will have a lot of considerations.
How are you thinking in handling the Auth0 session side of things (assuming you solve the client application part)? In particular, it would be irrelevant if the client application can respect remember me, but the Auth0 session lives on independently of that because that session could allow a new login to the application without having to actively re-enter credentials.