I have a need to vary the look and feel and functionality of the Universal Login Page based on which client the user is logging in to.
For the look and feel example, I want to show a different color scheme for some clients than others and may even include an additional disclaimer based on which app you’re logging in to. I may even want to put some kind of temporary prominent notification on the page but only for specific clients.
For the functionality example, I want to change the additional sign up fields collected depending on which application the user is logging in to and may want to disable sign up all together for some applications that manage sign-up internally. I may even want to offer the passwordless flow for some apps but the regular lock widget for others.
I need a way that a systems administrator can change this configuration through the Auth0 UI.
Since there are possible security ramifications to exposing the Client Metadata, I suggest a new toggle option available on the tenant and/or on a Client that’s “Expose Client Metadata to Login UI” (or something aptly named) that defaults to off.
When enabled, this would make the decoded “@@config@@” data passed to render the login page have a “clientMetadata” attribute that functions identically to the “context.clientMetadata” attribute available in Rules.