Custom Universal Login, multiple Connections, and security

Hi,

Cutting to the point, what we currently have : 3 different Connections (Development, Staging, and a “demo” environment to show the app to prospects), 3 corresponding Applications, one Login page using React / Authorize call.

We need to implement a customized Universal Login, and did so, using the “Custom Login Form” template. It does work, and looks like we want it to. However, our problem on this is that the parameter “connection” in the authorize call isn’t being transferred to the Universal Login ; the config.connection variable isn’t populated, which means we had to make some dictionary on the login page to choose which database to connect to (the user shouldn’t have the choice). For example :

const ENV_DICT = {
      STAGING: {
          TITLE: 'Title 1',
          DB: 'Staging_DB',
      },
      DEMO: {
          TITLE: 'Title 2',
          DB: 'Demo_DB',
      },
      DEFAULT: {
          DB: 'Development_DB',
      },
};

And then, later on, using the correct databaseConnection in webAuth.login call :

webAuth.login({
     realm: databaseConnection,
     //username/password...

What we’re wondering is : is showing the connection name actually secure? Is there another way to do this “branching” without using a dummy dictionary?

Thanks!
Nathanael

Hi @n.curin,

Welcome to the Community!

The config.connection variable is passed to the Universal Login when the /authorize endpoint is called. You can send it from the React code when you call loginWithRedirect:

loginWithRedirect({connection: 'Your-Connection-Name'})

As far as showing the connection name in the Universal Login code, I don’t believe there is a risk there.

Hi,

Thank you for the quick response :slight_smile: ! It was just a detail then, it seems to be working fine now.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.