We are looking for the best way to support users login with username. However, we don’t want to ask all user for a username upon registration, so the “requires username” option in database connections is not an option. We will be creating users that should log with username using the API directly. Our best alternative so far is to create users with email like username@fakedomain.com and modify Lock to support logins with username, capture the login intent and adding fakedomain.com to the email sent to Auth0 API, but seems like a lot of trouble for something that should be simpler (plus we would need to modify Lock and Lock.Android). We don’t want to tell the user to type the whole fakedomain.com email.
Another alternative would be to user two different database connections, each for each kind of users but specifying the connection before hand is not an option when a user tries to login.
Is there a better alternative? Which would be the best solution for this problem?
I might be missing something, but for a database connection emails are currently always required so I’m assuming your end-users will always provide an email and unless they also then later provide a username then the email will be the way those end-user will authenticate.
In addition, a subset of end-users may want to provide a username and then use that instead of email to complete an authentication. In this scenario would it not be acceptable to use the requires username option in the database connection, always assign a unique username at registration time using some predefined recognizable format and then later if the end-user decides they want to provide a real username just replace the automatically assigned one.
With the above end-users that never specified a username would authenticate with email address while the other would have a choice of authenticating with email or username.
Thanks for your help @jmangelo !
My idea is to use fake email addresses in the database connection. For example, for a username 31438105 I would insert 31438105@fakedomain.com in the DB. Obviously I would not be able to verify that email but I don’t mind.
For authentication I would ask users to type only 31438105, append the fake domain and send 31438105@fakedomain.com to Auth0 for authentication.
Thanks for your help @jmangelo !
My idea is to use fake email addresses in the database connection. For example, for a username 31438105 I would insert 31438105@fakedomain.com in the DB. Obviously I would not be able to verify that email but I don’t mind.
For authentication I would ask users to type only 31438105, append the fake domain and send 31438105@fakedomain.com to Auth0 for authentication.
From what you’re saying it sounds like you’re not requiring neither an email nor username at registration time which is confusing to me because I probably lack some context. You should update your question with the exact information end-user have to provide at registration time and then which information they would provide to authenticate.
Thanks again! For registration I want users to use email. But other kind of users will be created using the API from a backend administration system. This kind of users I want to create only using username and they will not be able to register by themselves.